
No antivirus will run, nor will DDS, and all Google results are hijacked


4 replies to this topic

#1 bentonnetty

bentonnetty

  • Members
  • 3 posts

Posted 30 August 2009 - 11:12 PM

Hello,

Usually I can get myself out of whatever virus jams I get myself into, but this one is the worst ever. If someone could help me, I'd be very thankful.

For the last few days or so, my McAfee software has been catching Trojans on startup, even after running antivirus software. And then, today, I went to a page and my computer made that grind-y sound when something crazy is happening. Suddenly, McAfee was catching tons of things. I went into virus-removal mode, and that's when I found that SpyBot, Ad-Aware, MalwareByte's Anti-Malware, Spyware Doctor, McAfee, and everything else wouldn't work. They would start up and then just suddenly shut down, and then, when I tried to restart them, I was told they couldn't be found.

I tried doing a couple of System Restores to a few days ago, and nothing took.

Can't run antivirus in Safe Mode.

I consulted this thread: http://www.google.com/aclk?sa=L&ai=1t+...CZzI3d4dWU+PiFw

In this particular thread, it seems the person has the SAME problem as me. I get redirected from links on my Google results page, too -- can only read things in "cache" mode.

CWShredder caught one thing, but that's all, and nothing changed.

I ended up getting TFC by Old Timer. It worked, somewhat. Found a couple things. I then went into Safe Mode to use Dr. Web Cure-it, just like the thread suggested, and it worked in Express mode, but not in "complete scan" mode. It just shuts down like the others.

Can't get DDS or Root Repeal to work at all. The black window of DDS pops up and then goes right away.

I'm getting in over my head, here, and I work from my computer from home, so if any kind souls out there can take me under their wing and try to help me out of this one, I'd be super-appreciative.

I should mention that, upon reboot and return to my desktop, I got "RUNDLL" warnings about "zugowuva.dll" and "heyotina.dll" not working correctly, or something like that.

Thanks kindly in advance,
Tony



#2 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 31 August 2009 - 01:31 AM

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.

Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply.
Proud member of ASAP since 2007

#3 bentonnetty

bentonnetty
  • Topic Starter

  • Members
  • 3 posts

Posted 31 August 2009 - 01:50 AM

Rosty,

Thank you very much for the quick reply.

I followed your link, and I saved the "Installer" link to my desktop. I then clicked that and installed the software to my C drive. The software came up, and I clicked the button that said something like "Scan and save logfile." The program began to run, and then it just vanished, like most every antivirus program I try to run.

I then saved the "Executable" link to my desktop, and ran it. The same thing happened. When I tried to scan, the program ran for a few seconds, and then just went away.

Now, the HijackThis icon on the desktop is a white box, like all of my other antivirus programs, and when I click on it, one of those windows with the red "X" comes up, with a warning that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." This is the warning box that comes up when I click MalwareBytes or SpyBot or most anything.

It appears that I cannot uninstall Hijack This, at this point.

One bright spot: I WAS able to run one SuperAntiSpyware scan before that too was disabled for me. I deleted all of the bad things it found. I will include that log here, along with another word of thanks. This is a really bad problem, and I'm worried about the status of my personal information, as I do all my banking and bill-paying online.

Thank you very much for any help you can offer.

Best,
Tony



The following is the log for that scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/31/2009 at 00:23 AM
Application Version : 4.27.1002
Core Rules Database Version : 4077
Trace Rules Database Version: 2017
Scan type : Quick Scan
Total Scan Time : 00:57:32
Memory items scanned : 554
Memory threats detected : 1
Registry items scanned : 750
Registry threats detected : 11
File items scanned : 11832
File threats detected : 247
Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\NIBAHEYA.DLL
C:\WINDOWS\SYSTEM32\NIBAHEYA.DLL
Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af102724-a284-4a46-a3ed-a7d8cd2a1403}
HKCR\CLSID\{AF102724-A284-4A46-A3ED-A7D8CD2A1403}
HKCR\CLSID\{AF102724-A284-4A46-A3ED-A7D8CD2A1403}\InprocServer32
HKCR\CLSID\{AF102724-A284-4A46-A3ED-A7D8CD2A1403}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MIRUPUHO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ZUGOWUVA.DLL
HKU\S-1-5-21-1378279449-231158241-1776352653-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF102724-A284-4A46-A3ED-A7D8CD2A1403}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSMTVD.DAT
Trojan.Dropper/Gen
C:\WINDOWS\SYSTEM32\~.EXE
C:\WINDOWS\Prefetch\~.EXE-10AA984B.pf

#4 bentonnetty

bentonnetty
  • Topic Starter

  • Members
  • 3 posts

Posted 31 August 2009 - 05:12 PM

Rosty (and anyone else reading),

I have made the decision to reformat/reinstall. I think it's probably the best decision, for me, based on all the information I've been reading in the last day. I think it's the safest option.

My only question is: am I safe backing up my music/photos/recording software? I just don't want to copy this stuff to an external hard drive and then somehow reinfect my computer when I go to copy it back over. Am I okay, as long as I'm sure I'm just copying things that end with common tags like .jpg, .FLAC, .mpeg, and .mp3? Is there anything I need to know about this process?

Thanks!
Tony

#5 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 01 September 2009 - 12:36 AM

Hi, sorry to hear you've done a reformat. That's your decision. Backing up your software is ok, as long as there are no .exe files in it.
Proud member of ASAP since 2007
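
One way to check a backup folder before copying it back after the reinstall, as an added example that is not part of the original thread. It goes beyond the file-name check discussed above by also reading the first two bytes of every file, because Windows executables start with the bytes "MZ" whatever their extension says. The extension list, function names and sample files are assumptions made for illustration.

```python
import os

# Extensions Windows runs or interprets directly (assumed list, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif",
                    ".bat", ".cmd", ".vbs", ".js", ".lnk"}


def classify(path):
    """Return a reason to leave the file out of the backup, or None if it looks fine."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if name == "autorun.inf":
        return "autorun.inf (can start a program when the drive is plugged in)"
    if ext in RISKY_EXTENSIONS:
        return "executable or script extension " + ext
    # The extension looks harmless, so check what the file really is.
    with open(path, "rb") as fh:
        head = fh.read(2)
    if head == b"MZ":
        return "Windows executable header (MZ) behind extension " + (ext or "(none)")
    return None


def scan_backup(root):
    """Walk the backup folder and map each flagged relative path to its reason."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            full = os.path.join(dirpath, filename)
            try:
                reason = classify(full)
            except OSError as exc:
                reason = "unreadable, check by hand: " + str(exc)
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings


def build_sample_backup(root):
    """Create a small constructed backup tree (header bytes only, no real programs)."""
    samples = {
        os.path.join("photos", "holiday.jpg"): b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        os.path.join("photos", "party.jpg"): b"MZ\x90\x00" + b"\x00" * 16,
        os.path.join("music", "track.mp3"): b"ID3\x03" + b"\x00" * 16,
        os.path.join("tools", "setup.exe"): b"MZ\x90\x00" + b"\x00" * 16,
        "autorun.inf": b"[autorun]\r\n",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    import sys
    import tempfile

    if len(sys.argv) > 1:
        results = scan_backup(sys.argv[1])   # path to the real backup folder
    else:
        with tempfile.TemporaryDirectory() as demo:
            build_sample_backup(demo)
            results = scan_backup(demo)
    for rel, reason in sorted(results.items()):
        print(rel + ": " + reason)
```

Run it with the backup folder as the only argument, from a machine that is already clean, and leave out anything it lists.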



