Infected with TDSS & Google keeps redirecting after "Windows 7 Repair Virus"


This topic is locked
2 replies to this topic

#1 nelly317

Posted 03 July 2011 - 10:29 PM

My computer got infected by the "Windows 7 Repair" virus, which shut down the computer and made it nearly unusable. After following the "Automated Removal Instructions for Windows 7 Repair using Malwarebytes' Anti-Malware" guide and (naively) using ComboFix, I was able to get the computer into a working state, but I still have issues with Google redirects. I also tried following the instructions to use TDSSKiller -- http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller -- but when I ran the program, nothing was cured.

My next step was to create a help topic here, as per this website: http://www.bleepingcomputer.com/forums/topic34773.html. Below and attached are the DDS and GMER logs, as requested.

Any help would be much appreciated. Thanks!


--------------------DDS Log:---------------------------

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by John at 22:57:54 on 2011-07-03
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3063.1735 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Expedia\Expedia Fare Alert 2.1\ExpediaFareAlert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\REGSVR32.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.0.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.0.0.125\ips\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.0.0.125\coIEPlg.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIARwA5AEIANwAtAEIARwA3AFcAQwAtAFAAWABSAEMAUgAtAEoAWQBSAFEASgAtAEgARQBNAEIAUgA"&"inst=NwA2AC0ANQA0ADQAMAAyADkAOAA4ADMALQBVADkAMAArADEALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBTAFQAMQArADIALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwAwAA"&"prod=54"&"ver=9.0.894
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\expedi~1.lnk - c:\program files\expedia\expedia fare alert 2.1\ExpediaFareAlert.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\11n usb wireless lan utility\RtWLan.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CBA39E87-DAEF-4BED-9E6A-86C85B8080B7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CBA39E87-DAEF-4BED-9E6A-86C85B8080B7}\2456C6B696E6F574F505C65737F5D494D4F4F5733343648364 : DhcpNameServer = 68.87.73.246 68.87.71.230
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\8i48wrph.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\john\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\john\appdata\roaming\move networks\plugins\npqmp071701000002.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0500000.07d\SymDS.sys [2011-7-3 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0500000.07d\SymEFA.sys [2011-7-3 652336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20101123.003\BHDrvx86.sys [2011-7-3 691248]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20101201.001\IDSvix86.sys [2011-7-3 353912]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0500000.07d\Ironx86.sys [2011-7-3 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0500000.07d\symnets.sys [2011-7-3 295032]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\brother\bradmin professional 3\bratimer.exe [2010-11-27 65536]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.0.0.125\ccSvcHst.exe [2011-7-3 130000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 603240]
R3 rtlss;Service for enabling selective suspend to RTL device;c:\windows\system32\drivers\rtlss.sys [2010-6-21 23144]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-3 366640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2011-07-04 00:13:25 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-03 23:54:48 -------- d-----w- c:\users\john\appdata\local\temp
2011-07-03 23:20:27 98816 ----a-w- c:\windows\sed.exe
2011-07-03 23:20:27 518144 ----a-w- c:\windows\SWREG.exe
2011-07-03 23:20:27 256000 ----a-w- c:\windows\PEV.exe
2011-07-03 23:20:27 208896 ----a-w- c:\windows\MBR.exe
2011-07-03 23:19:10 -------- d-----w- C:\ComboFix
2011-07-03 23:09:57 -------- d-----w- c:\users\john\appdata\local\CrashDumps
2011-07-03 22:40:06 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-03 22:40:00 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-03 22:40:00 -------- d-----w- c:\program files\Symantec
2011-07-03 22:40:00 -------- d-----w- c:\program files\common files\Symantec Shared
2011-07-03 22:39:34 652336 ----a-r- c:\windows\system32\drivers\n360\0500000.07d\SymEFA.sys
2011-07-03 22:39:34 509560 ----a-r- c:\windows\system32\drivers\n360\0500000.07d\srtsp.sys
2011-07-03 22:39:34 50168 ----a-r- c:\windows\system32\drivers\n360\0500000.07d\srtspx.sys
2011-07-03 22:39:34 340016 ----a-r- c:\windows\system32\drivers\n360\0500000.07d\SymDS.sys
2011-07-03 22:39:34 295032 ----a-r- c:\windows\system32\drivers\n360\0500000.07d\symnets.sys
2011-07-03 22:39:34 136312 ----a-r- c:\windows\system32\drivers\n360\0500000.07d\Ironx86.sys
2011-07-03 22:39:26 -------- d-----w- c:\windows\system32\drivers\n360\0500000.07D
2011-07-03 22:39:26 -------- d-----w- c:\windows\system32\drivers\N360
2011-07-03 22:39:25 -------- d-----w- c:\program files\Norton Security Suite
2011-07-03 22:38:40 -------- d-----w- c:\programdata\NortonInstaller
2011-07-03 22:38:40 -------- d-----w- c:\program files\NortonInstaller
2011-07-03 22:34:07 -------- d-----w- c:\programdata\Norton
2011-07-03 22:22:57 -------- d-----w- c:\program files\Trend Micro
2011-07-03 21:46:50 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{049bf49d-7f7f-4cd1-928b-0be359dde668}\mpengine.dll
2011-07-03 17:58:18 -------- d-----w- c:\users\john\appdata\roaming\Malwarebytes
2011-07-03 17:58:10 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-03 17:58:10 -------- d-----w- c:\programdata\Malwarebytes
2011-07-03 17:58:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-03 17:20:39 94512 ----a-w- c:\windows\system32\drivers\54931248.sys
2011-07-03 08:09:29 94512 ----a-w- c:\windows\system32\drivers\55747466.sys
2011-07-03 06:03:38 -------- d-----w- C:\TDSSKiller_Quarantine
2011-07-03 05:51:44 -------- d--h--w- c:\windows\PIF
2011-07-03 02:14:30 -------- d-----w- c:\programdata\PC Tools
2011-06-29 00:29:55 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 00:29:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 00:29:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 00:29:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 00:29:52 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 00:29:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 00:29:51 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 00:29:51 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 00:29:51 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 00:29:51 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-26 17:12:16 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-26 17:12:16 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-24 01:53:37 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-06-24 01:52:35 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-06-24 01:51:39 -------- d-----w- C:\_AcroTemp
2011-06-15 06:34:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 06:34:48 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 06:34:48 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-06 23:09:50 126976 ------w- c:\windows\system32\BrfxD05b.dll
2011-06-06 23:09:43 111928 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2011-06-06 23:09:42 176128 ----a-w- c:\windows\system32\BROSNMP.DLL
2011-06-06 23:05:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57:34 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57:21 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 23:04:11.85 ===============

Edited by nelly317, 03 July 2011 - 10:30 PM.
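A few lines in the DDS log above deserve a second look beyond the rootkit itself: every UAC policy under mPolicies-system is set to 0 (UAC is off, admins elevate silently, and prompts are not shown on the secure desktop), an AppInit_DLLs entry is present, three different DNS resolvers appear across the TCP entries, and two drivers with purely numeric names (54931248.sys and 55747466.sys, identical size, both dated the day TDSSKiller was run) sit in system32\drivers. The script below is an added example, not part of the original post and not code from BleepingComputer or from the DDS tool; it pulls exactly those items out of a DDS log so they can be reviewed in one place. The sample input is excerpted from the log above, the "0 is weak" reading of the UAC keys assumes a stock, unmanaged Windows 7 machine (a domain policy could legitimately set them), and the numeric-name driver check only flags files for verification; it does not decide whether a tool or malware created them.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines excerpted from the DDS log in the post above
# (policy, DNS and AppInit lines from the "Pseudo HJT Report" and three driver
# entries from "Created Last 30"). A real run reads the whole DDS.txt instead.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CBA39E87-DAEF-4BED-9E6A-86C85B8080B7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CBA39E87-DAEF-4BED-9E6A-86C85B8080B7}\2456C6B696E6F574F505C65737F5D494D4F4F5733343648364 : DhcpNameServer = 68.87.73.246 68.87.71.230
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
2011-07-03 17:20:39 94512 ----a-w- c:\windows\system32\drivers\54931248.sys
2011-07-03 08:09:29 94512 ----a-w- c:\windows\system32\drivers\55747466.sys
2011-07-03 17:58:10 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""

# UAC keys DDS prints as "mPolicies-system". On a stock Windows 7 install none
# of these is 0 (assumption: unmanaged home machine, no GPO setting them).
UAC_ZERO_IS_WEAK = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "admins elevate silently with no prompt",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+?)\s*$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.+?)\s*$", re.I)
# "<date> <time> <size> <attrs> <path>\drivers\<name>.sys"; directory entries
# print "--------" instead of a size and therefore do not match.
DRIVER_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+\S+\s+.+\\drivers\\([^\\]+\.sys)\s*$", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def uac_findings(lines: List[str]) -> List[Tuple[str, str]]:
    """(key, why it matters) for each UAC policy that is set to 0."""
    out = []
    for line in lines:
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_ZERO_IS_WEAK and int(m.group(2)) == 0:
            out.append((m.group(1), UAC_ZERO_IS_WEAK[m.group(1)]))
    return out


def dns_servers(lines: List[str]) -> List[str]:
    """Every distinct IPv4 resolver in the TCP entries, in order of first appearance.
    Compare the list against the router and the ISP; a resolver you cannot account
    for is the classic cause of search-engine redirects."""
    seen: List[str] = []
    for line in lines:
        m = DNS_RE.search(line)
        if not m:
            continue
        for tok in m.group(1).split():
            if IPV4_RE.match(tok) and tok not in seen:
                seen.append(tok)
    return seen


def appinit_dlls(lines: List[str]) -> List[str]:
    """DLLs loaded into every user32-linked process via AppInit_DLLs."""
    return [m.group(1) for m in map(APPINIT_RE.match, lines) if m]


def numeric_named_drivers(lines: List[str]) -> List[str]:
    """Driver files whose name is digits only; verify their origin by hand."""
    found = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if m and re.fullmatch(r"\d+\.sys", m.group(1), re.I):
            found.append(m.group(1))
    return found


def triage(text: str) -> Dict[str, list]:
    """Run all four checks over a DDS log and return the findings by category."""
    lines = text.strip().splitlines()
    return {
        "uac": uac_findings(lines),
        "dns": dns_servers(lines),
        "appinit": appinit_dlls(lines),
        "numeric_drivers": numeric_named_drivers(lines),
    }


if __name__ == "__main__":
    import json
    import sys

    # Pass a saved DDS.txt as the first argument, or run on the embedded sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(json.dumps(triage(text), indent=2))
```

On the excerpt above this reports all three UAC keys as 0, three resolvers (192.168.0.1, 68.87.73.246, 68.87.71.230), the acaptuser32.dll AppInit entry, and the two numeric-named drivers; mbamswissarmy.sys is not flagged. None of these is a verdict on its own: the point is to have them listed so each can be checked against what the machine's owner actually installed.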


#2 nelly317 (Topic Starter)

Posted 04 July 2011 - 04:26 PM

Good news! I was able to stop the Google redirects by running an updated version of TDSSkiller to remove the rootkit. From this point on, there are no more problems I can notice. However, if there is anything I can do to improve my computer's speed/security, I would appreciate the help at your earliest convenience. I would be glad to provide any logs you feel are necessary. Thanks!

#3 Budapest (Moderator)

Posted 04 July 2011 - 08:08 PM

If you need assistance with improving the speed of your computer start a new topic here: http://www.bleepingcomputer.com/forums/forum167.html

For improving the security you may want to post here: http://www.bleepingcomputer.com/forums/forum25.html

Topic closed.

The power of accurate observation is commonly called cynicism by those who haven't got it.
—George Bernard Shaw
