After being infected w/ Trojan.Bamital + others explorer.exe is not running, can't browse files, can't system restore, BSOD occurs a lot, please help!


16 replies to this topic

#1 Chimmychimp

  • Members
  • 12 posts

Posted 07 December 2010 - 12:35 PM

Hi there, this is my first post as I'm pretty new. I really hope you guys can help me sort this out, as I've searched everywhere for a solution and I'm really starting to panic, as I have no clue about this sort of thing.

Ok so a couple of days ago I was just browsing the internet, on msn etc. as you do when this fake virus scan popped up, along with a cmd window. I noticed system32 in the cmd window and a message popped up saying something along the lines of 'do you want to enable antivirus software?'. I tried clicking no because I thought it was fake, the blue screen popped up and my laptop proceeded to turn itself off.

I got worried when I turned it back on, and the same thing popped up as soon as I logged on: Fake scan -> Blue screen -> restart. So I managed to boot it up in safe mode. Now my subscription to Windows Live OneCare had run out, but usually it quarantines threats for me as and when I get them. For whatever reason, it would not let me run this in safe mode. NB - at this point I still had a task bar, could still browse files and programs from the start menu and using explorer. So, I thought to myself I would try and System Restore, as this usually resolves problems. I tried running System Restore but kept getting error messages saying that it had been disabled by group policy. I then proceeded to search the internet for a solution. As my version of Vista is home edition, it did not have a group policy editor, so I had to use the Registry Editor. However, when I tried to run this it had also been disabled by the administrator. I thought this was impossible, as I am the only user and administrator on this laptop. THEN, I had to google a solution to this new problem, found a VB script online then made Registry Editor accessible again and directed myself to the System Restore section. Here there was the usual default, but there was also one called "DisableSR". Every time I tried to delete it, it kept coming back. I tried editing the values but nothing would work.

So I tried to google a solution to this problem but could not find one. I figured it must've been down to some sort of virus that I had been infected with. So I downloaded a new antivirus program: Spyware Doctor. This worked well for me and removed several infections that it found, including a camera monitor, a fake antivirus program and others. I was surprised at these being there as Windows Live OneCare never mentioned anything about them.

I then used Spyware Doctor to remove all of the infections but one: Trojan.Bamital. This was identified as high risk by Spyware Doctor, so I wanted to remove it ASAP. When I first ran Spyware Doctor, I tried cleaning all the viruses at the same time, but got a BSOD. So, after my computer rebooted in safe mode, I ran Spyware Doctor again and proceeded to clean the viruses one by one, until I was left with just one.

Every time I tried to clean Trojan.Bamital, I got a BSOD. I looked for a solution but again, could not find one. So I left it overnight, came back to boot up my computer the next day and I literally got nothing. Just a black screen with my mouse; only CTRL+ALT+DEL works. I have no task bar or start button, I cannot browse files. I can bring up the task manager then subsequently the CMD window. However, I can't run explorer.exe. I can't run system restore. I had to open this Firefox window using the task manager. I have no sound either.

This problem sounds very similar to this thread:
http://www.bleepingcomputer.com/forums/topic353964.html
which is how I found you. However, I did not want to do anything suggested there as it might not be the right thing to do. I have no experience fixing computers, I'm pretty much new to this as I've had no problems with malware in the past.

Please help me, I'm worrying a lot about my laptop, as I have many important files, lots of music and college work too.

I had the laptop running in normal mode last night, but the same thing happens there as described above; both in safe mode and normal mode I get nothing. But just now I tried to run firefox.exe in the task manager in normal mode to write this message, but got yet another BSOD. Therefore, I am now writing this message in safe mode, after running firefox successfully from the task manager.

Thank you in advance, apologies if this is in the wrong section.

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal
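
The messages described in the post above (System Restore "disabled by group policy", Registry Editor "disabled by the administrator", a "DisableSR" value) correspond to registry policy values. The following is an added example, not part of the original thread: it reads the text of a `.reg` export on a clean machine and reports which of these policy values are switched on. The key paths are the standard Windows policy locations and are an assumption (the thread does not name them), `DisableConfig` and `DisableTaskMgr` are related values the thread does not mention, and the sample export is constructed.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    tool: str    # what the policy value turns off
    hive: str    # registry root as written in the export
    key: str     # subkey path as written in the export
    name: str    # value name
    value: int   # DWORD data


# (subkey, value name), both lower-cased -> tool disabled when the DWORD is non-zero.
# Assumed standard policy locations; the same subkey is checked under every hive.
WATCHED = {
    (r"software\policies\microsoft\windows nt\systemrestore", "disablesr"): "System Restore",
    (r"software\policies\microsoft\windows nt\systemrestore", "disableconfig"): "System Restore settings",
    (r"software\microsoft\windows\currentversion\policies\system", "disableregistrytools"): "Registry Editor",
    (r"software\microsoft\windows\currentversion\policies\system", "disabletaskmgr"): "Task Manager",
}

KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)(?:\\(.*))?\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def normalise(hive: str, subkey: str) -> str:
    """Lower-case the subkey; under HKEY_USERS drop the leading SID component."""
    parts = subkey.split("\\")
    if hive == "HKEY_USERS" and len(parts) > 1:
        parts = parts[1:]
    return "\\".join(parts).lower()


def find_disabled_tools(reg_text: str) -> list:
    """Return a Finding for every watched policy value that is set to non-zero.

    reg_text is the decoded text of a .reg export. regedit writes these files
    as UTF-16, so read them with open(path, encoding="utf-16").
    """
    findings = []
    hive = subkey = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            hive, subkey = m.group(2), m.group(3) or ""
            if m.group(1):          # "[-HKEY_...]" marks a key deletion, not data
                hive = subkey = None
            continue
        if hive is None:
            continue
        m = DWORD_RE.match(line)
        if not m:
            continue                # strings, binary data, '"Name"=-' deletions
        name, value = m.group(1), int(m.group(2), 16)
        tool = WATCHED.get((normalise(hive, subkey), name.lower()))
        if tool and value != 0:
            findings.append(Finding(tool, hive, subkey, name, value))
    return findings


# Constructed sample export, for illustration only.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001
"DisableConfig"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

if __name__ == "__main__":
    for f in find_disabled_tools(SAMPLE_EXPORT):
        print(f"{f.tool} disabled by {f.hive}\\{f.key} -> {f.name}={f.value}")
```

A value that reappears after deletion, as the post describes, means something still running is rewriting it, so the export is useful as a before/after check around cleanup rather than as a fix in itself.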



#2 boopme

  • Global Moderator
  • 73,421 posts

Posted 07 December 2010 - 12:54 PM

Hello, let's try getting some logs in safe mode.
Reboot into Safe Mode with Networking
How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now Reboot to normal and try an Online scan.
Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Chimmychimp

  • Topic Starter

Posted 07 December 2010 - 01:17 PM

Hi Boopme, thanks for replying so quickly.

I'm in safe mode with networking, but I can't download anything for some reason? I had this problem before when downloading the script to fix the registry editor. This is what happens when I try to download the first linked file with firefox:

It opens the downloads window and appears there but says it was cancelled, so I click retry and it seems to have worked. But I right click it and go to "Open" or "Open containing folder" and they're both greyed out.

I solved the problem by downloading with Opera before, but now I can't run opera as I have no taskbar or start button.

Any suggestions?

#4 boopme


Posted 07 December 2010 - 01:22 PM

See if this lets us in. It may allow this as the malware may not see this as a threat.

Go to File association fixes for Windows Vista

Click the exe box
Instructions:
To fix the association for a particular file type, download the corresponding fix from the above links table (Use Right-click - Save as option in your browser to download the fixes). Unzip the fix and extract the .REG file to the Desktop. Right-click the REG file and choose Merge. Note that you need to be an administrator to apply these fixes.

#5 Chimmychimp


Posted 07 December 2010 - 01:33 PM


I've downloaded it and extracted it to the desktop, but it's not appearing anywhere. All I have is a black screen with none of my usual shortcuts or files :/

How do I navigate to the file to merge it if I cannot run explorer? I just tried right clicking the file from the downloads list, then clicking on 'Open containing folder', I just get this error message:

"C:\Users\Ollie

Application not found"

Thanks again for the quick reply.

#6 Chimmychimp


Posted 07 December 2010 - 01:39 PM

UPDATE: I managed to go to my gmail account, click the attach file button and find it on there. I then merged it from this menu - this seems to be an alternative way for me to browse my files now that I can't use explorer.exe.

#7 boopme


Posted 07 December 2010 - 03:10 PM

You may be able to run them as an ADMINISTRATOR.
Click the Start Button
Type explorer.exe in the start search box
Now right click on explorer.exe and choose Run as Administrator

Now go straight to Rkill, then SAS (all in Normal mode)

#8 Chimmychimp


Posted 07 December 2010 - 03:50 PM


I have no start button to click, nor a taskbar :/

I ran rkill and got this log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/12/2010 at 19:15:35.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/12/2010 at 19:15:37.


And SAS is currently running a scan, it's taking a while.

#9 boopme


Posted 07 December 2010 - 03:53 PM

Uggh, my bad. Let's see if we get one after SAS removes some junk.

#10 Chimmychimp


Posted 07 December 2010 - 04:04 PM


Ok thanks for helping me so far, you've been great :)

Whenever my other antivirus tried to remove that Trojan.Bamital virus, it blue screened. So fingers crossed this time will be different.

#11 Chimmychimp


Posted 07 December 2010 - 06:41 PM

My SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/07/2010 at 10:28 PM

Application Version : 4.46.1000

Core Rules Database Version : 5964
Trace Rules Database Version: 3776

Scan type : Complete Scan
Total Scan Time : 02:52:07

Memory items scanned : 388
Memory threats detected : 0
Registry items scanned : 10162
Registry threats detected : 7
File items scanned : 246599
File threats detected : 366

Trojan.Agent/Gen-FakeScan
[ancxmsrwoe.exe] C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\ANCXMSRWOE.EXE
C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\ANCXMSRWOE.EXE

Trojan.Agent/Gen
[uPc+kt0NrPJsiv] C:\WINDOWS\SYSTEM32\OWK6U.DLL
C:\WINDOWS\SYSTEM32\OWK6U.DLL
[uPc+kt0NotaCxl] C:\WINDOWS\SYSTEM32\MLKLLTKL.DLL
C:\WINDOWS\SYSTEM32\MLKLLTKL.DLL
[uPc+kt0NrPJsiv] C:\WINDOWS\SYSTEM32\OWK6U.DLL
[uPc+kt0NotaCxl] C:\WINDOWS\SYSTEM32\MLKLLTKL.DLL
C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\MWJVLO6Y.EXE

Trojan.Agent/Gen-FakeAV
[bwmssokd] C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\UOQYAUANT\UIVPIETAFFM.EXE
C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\UOQYAUANT\UIVPIETAFFM.EXE
C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\TVCASTB.EXE

Adware.Tracking Cookie
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[8].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adviva[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adviva[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[7].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@associatedcontent.112.2o7[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@associatedcontent.112.2o7[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@at.atwola[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge2.admarketplace[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge2.admarketplace[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.searchnation[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.searchnation[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.searchnation[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickbank[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz10.91419.information-seeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz10.91419.information-seeking[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz10.91457.information-seeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz10.91469.information-seeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz10.91469.information-seeking[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz2.91469.information-seeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz2.91469.information-seeking[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz3.91469.information-seeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz3.91469.information-seeking[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz4.91469.information-seeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz4.91469.information-seeking[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz5.91469.information-seeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz6.91469.information-seeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz7.91469.information-seeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz9.91469.information-seeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.fastgetonline[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.mysearchdomain[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.searchallsite[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.searchallsite[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.searchallsite[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickthrough.kanoodle[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[11].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[7].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[9].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fidelity.rotator.hadj7.adjuggler[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@gocitymedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@harrenmedianetwork[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ict.infinity-tracking[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@in.getclicky[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@in.getclicky[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@indoormedia.co[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@indoormedia.co[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[7].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[8].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@kontera[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@kontera[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@legolas-media[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[8].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[8].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@network.realmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@optimize.indieclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@optimize.indieclick[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p170t1s1398149.kronos.bravenetmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p186t1s1531461.kronos.bravenetmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[6].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[7].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statse.webtrendslive[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statse.webtrendslive[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tacoda[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.adjug[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.eijoa[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.eijoa[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.foxnews[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.rulexx[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficengine[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficking.nabbr[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@uk.at.atwola[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@uk.at.atwola[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@uk.at.atwola[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@user.lucidmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@user.lucidmedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vdwp.solution.weborama[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vdwp.solution.weborama[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@videoegg.adbureau[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@w00tpublishers.wootmedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@weborama[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@weborama[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@wwi.sssstats[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.ajtrack[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstnet[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.inteletrack[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.titusmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[5].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldtracker[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[1].txt

Malware.Trace
HKU\S-1-5-21-1101031656-2450966634-1976928756-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer#idstrf [ 1-1CB94EE5339E508 ]

Rogue.AntiMalwareDoctor
C:\Users\Ollie\AppData\Roaming\EE2404869981218F91A43D10A8EBF1B2

Adware.Unknown Origin
C:\PROGRAM FILES\HEWLETT-PACKARD\HP ADVISOR\COMPSHOP\TEMPLATES\AD.HTML

Adware.Vundo/Variant-X32[Header]
C:\PROGRAM FILES\MINDSTAR\CINERGY\CINEUT32.DLL

Trojan.Agent/Gen-Cryptor
C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\190063696.EXE.VIR
C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\2868835104.EXE
C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\73953696.EXE.VIR
C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\EFX8TFHC6XGXU.EXE
C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\M1F1VP6P0X7QL.EXE

Trojan.Agent/Gen-Clicker
C:\USERS\OLLIE\APPDATA\LOCAL\TEMP\PJSZNNE5O.EXE

Trojan.Agent/Gen-Keygen
C:\USERS\OLLIE\DOCUMENTS\TORRENTZ\CONVERTXTODVD 3.3.4.106E AND KEYGEN [1337X]\KEYGEN.EXE

Trojan.IRCBot/Dropper-Gen
C:\USERS\OLLIE\DOWNLOADS\RSCRACK.EXE

Trojan.Agent/Gen-Cryptor[Egun]
C:\USERS\OLLIE\DOWNLOADS\RSITEMHACK.EXE



Trojan.Agent/Gen-MSFake
C:\USERS\OLLIE\DOWNLOADS\RS+AUTO+WCER.EXE

Trojan.Agent/Gen-Falcomp
C:\USERS\OLLIE\DOWNLOADS\WALLIE CARD GENERATOR V2.1.EXE

Trojan.Agent/Gen-FakeAlert
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PPQAWPLA\OUT[1].RC

Trojan.Agent/Gen-WinAds
C:\WINDOWS\WINAD\WINADS.EXE

=================================================================================================================================

Still waiting for ESET to finish scanning.

#12 boopme

Posted 07 December 2010 - 07:34 PM

Excellent, I'm sure there are more and we'll get them.

I see junk in the Temp folders so we can clean them too.

TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Edited by boopme, 07 December 2010 - 07:36 PM.


#13 Chimmychimp

Posted 07 December 2010 - 08:29 PM

Ok, I did this, cleaned about 2000MB! I did it in the middle of the online scan though so gonna start that up again.

#14 Chimmychimp

Posted 08 December 2010 - 01:07 PM

ESET Scan results:

C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\Users\Ollie\AppData\Local\opuyazad.dll a variant of Win32/Cimag.DV trojan cleaned by deleting - quarantined
C:\Users\Ollie\AppData\Local\syssvc.exe a variant of Win32/Injector.DUX trojan cleaned by deleting - quarantined
C:\Users\Ollie\AppData\Roaming\Laex\ygyq.exe a variant of Win32/Kryptik.ILK trojan cleaned by deleting - quarantined
C:\Users\Ollie\Documents\blob\bl0b_bind\USG bl0b 0.2.2.exe probably a variant of Win32/Agent.HAGPZTH trojan cleaned by deleting - quarantined
C:\Users\Ollie\Documents\Gmail\FirefoxUpdater a variant of MSIL/KillProc.A trojan cleaned by deleting - quarantined
C:\Users\Ollie\Documents\Gmail\SoulLogger.exe a variant of MSIL/Spy.Keylogger.AT trojan cleaned by deleting - quarantined
C:\Users\Ollie\Documents\Uni\UniProtect.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Users\Ollie\Documents\AVG Anti-Virus Professional 9.0 Build 663a1706 + Keygen [RH]\AVGAV.9.0.663a1706_[RH].rar probably a variant of Win32/Agent.GQQTOSM trojan deleted - quarantined
C:\Users\Ollie\Downloads\Auth Code Generator V1.1.exe a variant of MSIL/Autorun.Spy.Agent.H worm cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\AutoCutter_v_1_3.exe MSIL/Autorun.D worm deleted - quarantined
C:\Users\Ollie\Downloads\AutoHunter_Pro.exe MSIL/Spy.Keylogger.AA trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\GoldMiner.exe probably a variant of MSIL/Spy.Keylogger.S trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\HSS-1.37-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application deleted - quarantined
C:\Users\Ollie\Downloads\jZipV1c.exe a variant of Win32/Adware.Toolbar.Shopper.AA application deleted - quarantined
C:\Users\Ollie\Downloads\LEAKED rsbots.net auth gen LEAKED(2).exe MSIL/TrojanDropper.StubRC.AAZ trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\LEAKED rsbots.net auth gen LEAKED.exe MSIL/TrojanDropper.StubRC.AAZ trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\MD_2.1.79S(2).exe a variant of Win32/Adware.OneStep.F application deleted - quarantined
C:\Users\Ollie\Downloads\Money Hack.exe probably a variant of MSIL/Spy.Keylogger.S trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\PROAuthGenarator.exe.part a variant of MSIL/TrojanDropper.Agent.AL trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\Rsbots.net Db Crack.exe a variant of MSIL/TrojanDropper.Agent.H trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\RsGen.exe probably a variant of Win32/Injector.AYV trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\Rs_Multi_Hack_v3.EXE Win32/Spatet.A trojan deleted - quarantined
C:\Users\Ollie\Downloads\rs_pin_2_.exe a variant of MSIL/Spy.Keylogger.AA trojan deleted - quarantined
C:\Users\Ollie\Downloads\Runescape member pin gen.exe MSIL/TrojanDropper.Binder.AC trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\Runescape Moderator Hack.exe a variant of MSIL/PSW.Agent.NBP trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\Runescape Moderator program.exe a variant of MSIL/PSW.Agent.NBP trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\RuneScape P-Mod.exe a variant of MSIL/PSW.Agent.NBP trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\RuneScape.exe MSIL/Spy.Keylogger.AA trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\Runescapev5.2(2).exe probably a variant of MSIL/Agent.FAXJZQE trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\Runescapev5.2.exe probably a variant of MSIL/Agent.FAXJZQE trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\SpywareRemovalToolkit_Setup.exe Win32/Adware.SpywareCease application deleted - quarantined
C:\Users\Ollie\Downloads\ANARK;GENZ\ANARK_GENEATOR.exe a variant of Win32/Injector.CRI trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\RSBots.net AuthGen\AuthGen.exe a variant of MSIL/Injector.F trojan cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan cleaned by deleting - quarantined
C:\Windows\System32\wininit.exe Win32/Bamital.EV trojan unable to clean
C:\Windows\System32\config\systemprofile\AppData\Local\syssvc.exe Win32/PSW.Delf.NQS trojan cleaned by deleting - quarantined
C:\Windows\System32\drivers\agp440.sys a variant of Win32/Bubnix.BD trojan cleaned by deleting - quarantined
C:\Windows\System32\drivers\RKHit.sys Win32/Adware.SpywareCease application cleaned by deleting - quarantined
C:\Windows\winad\winadsin.exe a variant of Win32/TrojanClicker.Delf.NLZ trojan cleaned by deleting - quarantined

What should I do next? Thanks again for your continued help.

#15 boopme

  • Global Moderator

Posted 08 December 2010 - 03:15 PM

Hello and you are welcome. We need to run an MBAM scan yet. You are very infected. You have keyloggers and other nasty info-stealing malware on here and it's from cracked software. Very bad chimp, LOL. This will keep you getting infected. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.



Cracking and keygen tools are often obtained via peer-to-peer (P2P) or file sharing programs which too are a security risk. The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications. Read P2P Software User Advisories, Risks of File-Sharing Technology and P2P file sharing: Anticipate the risks....



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Edited by boopme, 08 December 2010 - 03:16 PM.
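The triage behind the reply above, as an added example that is not part of the original posts: it parses lines in the format of the scan log posted in this thread and pulls out the entries the scanner left in place and the detections that steal credentials. The sample lines are copied from that log; the function names and the rule that "Spy.Keylogger" and "PSW." in a detection name mean credential theft are assumptions of this example.

```python
import re
from collections import Counter

# Six lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Users\Ollie\Downloads\GoldMiner.exe probably a variant of MSIL/Spy.Keylogger.S trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\jZipV1c.exe a variant of Win32/Adware.Toolbar.Shopper.AA application deleted - quarantined
C:\Users\Ollie\Downloads\LEAKED rsbots.net auth gen LEAKED.exe MSIL/TrojanDropper.StubRC.AAZ trojan cleaned by deleting - quarantined
C:\Users\Ollie\Downloads\Runescape Moderator Hack.exe a variant of MSIL/PSW.Agent.NBP trojan cleaned by deleting - quarantined
C:\Windows\System32\wininit.exe Win32/Bamital.EV trojan unable to clean
C:\Windows\System32\config\systemprofile\AppData\Local\syssvc.exe Win32/PSW.Delf.NQS trojan cleaned by deleting - quarantined
"""

# Layout: <path> [probably ][a variant of ]<detection> <trojan|application> <action>
# The path may contain spaces, so the detection name is the anchor for the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?:probably )?a variant of )?"
    r"(?P<name>(?:Win32|MSIL)/\S+) "
    r"(?P<kind>trojan|application) "
    r"(?P<action>.+)$"
)

# Assumption of this example: these name fragments mark credential-stealing malware.
CREDENTIAL_MARKERS = ("Spy.Keylogger", "PSW.")


def parse_line(line):
    """Return path, name, kind and action for one log line, or None if it is not one."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def triage(log_text):
    """Summarise a scan log: counts by kind, credential stealers, files not removed."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "by_kind": Counter(e["kind"] for e in entries),
        "credential_theft": [e["path"] for e in entries
                             if any(m in e["name"] for m in CREDENTIAL_MARKERS)],
        "not_removed": [e["path"] for e in entries
                        if e["action"].startswith("unable")],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Counts by kind:", dict(report["by_kind"]))
    print("Credential stealers (change passwords from a clean machine):")
    for path in report["credential_theft"]:
        print("  ", path)
    print("Still on disk:", report["not_removed"])
```

Any path under "Still on disk" means the machine is not clean yet, which is why a further scan is requested before anything else.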
