Welcome to MalwareRemoval.com

HELP Gomeo type sites redirecting ISSUES

Re: HELP Gomeo type sites redirecting ISSUES

Post by gander » April 6th, 2011, 2:01 pm

And TDSSKiller came up with this:
C:\Windows\system32\DRIVERS\nvstor32.sys - copied to quarantine
\HardDisk0\TDLFS\tdl - copied to quarantine
\HardDisk0\TDLFS\rsrc.dat - copied to quarantine
\HardDisk0\TDLFS\config.ini - copied to quarantine
\HardDisk0\TDLFS\cmd.dll - copied to quarantine
\HardDisk0\TDLFS\module.dll - copied to quarantine
gander
Regular Member
 
Posts: 39
Joined: March 27th, 2011, 8:44 am

Re: HELP Gomeo type sites redirecting ISSUES

Post by Dakeyras » April 6th, 2011, 4:01 pm

Hi. :)

Thanks for the MBR attachment, I'll analyse that in due course.

And TDSSKiller came up with this:
Most strange; when you ran the scan, was there no option to Skip rather than auto-quarantine?

As it stands, one legitimate file may have been a false positive, and if not, we could have replaced it and will probably have to do so now. As for the rest, they may also be false positive detections and/or injected/patched by malware.

Anyway, the log is incomplete; please check at the root of your system drive for:

C:\TDSSKiller.2.4.21.0_DD.DD.DD_TT.TT.TT_log.txt <-- DD.DD.DD_TT.TT.TT denotes the date/time the log was created.

And post that in your next reply if available. Also, please reboot your machine and provide me with a quick update as to its status, etc. Thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: HELP Gomeo type sites redirecting ISSUES

Post by gander » April 6th, 2011, 4:28 pm

Sorry, I didn't notice there was a skip option. Also, it doesn't seem to save my logs, so instead I will post a "Report". Here is the report from a scan I just did.

2011/04/06 21:26:36.0156 3524 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 21:26:36.0506 3524 ================================================================================
2011/04/06 21:26:36.0506 3524 SystemInfo:
2011/04/06 21:26:36.0506 3524
2011/04/06 21:26:36.0506 3524 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/06 21:26:36.0506 3524 Product type: Workstation
2011/04/06 21:26:36.0506 3524 ComputerName: THOMAS-PC
2011/04/06 21:26:36.0506 3524 UserName: Thomas
2011/04/06 21:26:36.0506 3524 Windows directory: C:\Windows
2011/04/06 21:26:36.0506 3524 System windows directory: C:\Windows
2011/04/06 21:26:36.0506 3524 Processor architecture: Intel x86
2011/04/06 21:26:36.0506 3524 Number of processors: 2
2011/04/06 21:26:36.0506 3524 Page size: 0x1000
2011/04/06 21:26:36.0506 3524 Boot type: Normal boot
2011/04/06 21:26:36.0506 3524 ================================================================================
2011/04/06 21:26:37.0140 3524 Initialize success
2011/04/06 21:26:39.0761 4052 ================================================================================
2011/04/06 21:26:39.0761 4052 Scan started
2011/04/06 21:26:39.0761 4052 Mode: Manual;
2011/04/06 21:26:39.0761 4052 ================================================================================
2011/04/06 21:26:40.0420 4052 3xHybrid (d9af0082d3f09f5007e5727798786cd8) C:\Windows\system32\DRIVERS\3xHybrid.sys
2011/04/06 21:26:40.0468 4052 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/06 21:26:40.0502 4052 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/06 21:26:40.0533 4052 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/06 21:26:40.0556 4052 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/06 21:26:40.0580 4052 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/06 21:26:40.0650 4052 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/06 21:26:40.0694 4052 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/06 21:26:40.0717 4052 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/06 21:26:40.0784 4052 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2011/04/06 21:26:40.0804 4052 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/06 21:26:40.0829 4052 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2011/04/06 21:26:40.0851 4052 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/06 21:26:40.0882 4052 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/06 21:26:40.0955 4052 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/06 21:26:40.0978 4052 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/06 21:26:41.0052 4052 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/06 21:26:41.0083 4052 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/06 21:26:41.0136 4052 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/06 21:26:41.0216 4052 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/06 21:26:41.0259 4052 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/06 21:26:41.0277 4052 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/06 21:26:41.0325 4052 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/06 21:26:41.0343 4052 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/06 21:26:41.0373 4052 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/06 21:26:41.0388 4052 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/06 21:26:41.0413 4052 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/06 21:26:41.0483 4052 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/06 21:26:41.0504 4052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/06 21:26:41.0541 4052 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/06 21:26:41.0578 4052 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/06 21:26:41.0637 4052 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2011/04/06 21:26:41.0665 4052 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/04/06 21:26:41.0686 4052 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/06 21:26:41.0708 4052 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/06 21:26:41.0755 4052 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/06 21:26:41.0809 4052 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/06 21:26:41.0871 4052 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/06 21:26:41.0907 4052 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/06 21:26:41.0954 4052 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/06 21:26:42.0106 4052 EagleXNt (5bb45db51a00b56e369984819f2e4cf9) C:\Windows\system32\drivers\EagleXNt.sys
2011/04/06 21:26:42.0318 4052 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/06 21:26:42.0384 4052 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/06 21:26:42.0455 4052 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/06 21:26:42.0512 4052 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/06 21:26:42.0550 4052 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/06 21:26:42.0597 4052 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/06 21:26:42.0630 4052 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/06 21:26:42.0645 4052 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/06 21:26:42.0666 4052 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/06 21:26:42.0710 4052 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/06 21:26:42.0749 4052 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/06 21:26:42.0777 4052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/06 21:26:42.0839 4052 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/06 21:26:42.0891 4052 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/06 21:26:42.0918 4052 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/06 21:26:42.0941 4052 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/06 21:26:42.0978 4052 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/06 21:26:43.0019 4052 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/06 21:26:43.0064 4052 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/06 21:26:43.0091 4052 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/06 21:26:43.0125 4052 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/06 21:26:43.0153 4052 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/06 21:26:43.0188 4052 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/06 21:26:43.0335 4052 IntcAzAudAddService (544fcaf4cf73c6ef6a83747cb9274177) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/06 21:26:43.0420 4052 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2011/04/06 21:26:43.0459 4052 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/06 21:26:43.0508 4052 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/06 21:26:43.0556 4052 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/06 21:26:43.0601 4052 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/06 21:26:43.0658 4052 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/06 21:26:43.0683 4052 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/06 21:26:43.0719 4052 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/06 21:26:43.0745 4052 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/06 21:26:43.0767 4052 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/06 21:26:43.0797 4052 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/06 21:26:43.0836 4052 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/06 21:26:43.0881 4052 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/06 21:26:43.0959 4052 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys
2011/04/06 21:26:44.0036 4052 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/06 21:26:44.0082 4052 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/06 21:26:44.0110 4052 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/06 21:26:44.0134 4052 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/06 21:26:44.0182 4052 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/06 21:26:44.0239 4052 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/04/06 21:26:44.0309 4052 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/06 21:26:44.0354 4052 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/06 21:26:44.0394 4052 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/06 21:26:44.0442 4052 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/06 21:26:44.0477 4052 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/06 21:26:44.0552 4052 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/06 21:26:44.0606 4052 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/04/06 21:26:44.0650 4052 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/06 21:26:44.0761 4052 MpKsl4c2c9a56 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D9DD8583-E3F0-4419-8E1A-48027EE38A88}\MpKsl4c2c9a56.sys
2011/04/06 21:26:44.0832 4052 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/04/06 21:26:44.0852 4052 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/06 21:26:44.0879 4052 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/06 21:26:44.0916 4052 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/06 21:26:44.0943 4052 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/06 21:26:44.0970 4052 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/06 21:26:44.0999 4052 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/06 21:26:45.0035 4052 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/04/06 21:26:45.0062 4052 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/06 21:26:45.0115 4052 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/06 21:26:45.0158 4052 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/06 21:26:45.0241 4052 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/06 21:26:45.0315 4052 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/06 21:26:45.0354 4052 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/06 21:26:45.0399 4052 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/06 21:26:45.0431 4052 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/06 21:26:45.0457 4052 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/06 21:26:45.0482 4052 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/06 21:26:45.0502 4052 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/06 21:26:45.0543 4052 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/06 21:26:45.0597 4052 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/06 21:26:45.0648 4052 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/06 21:26:45.0676 4052 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/06 21:26:45.0701 4052 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/06 21:26:45.0737 4052 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/06 21:26:45.0757 4052 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/06 21:26:45.0781 4052 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/06 21:26:45.0842 4052 netr28u (4131e8f614ec61868996503a168219bc) C:\Windows\system32\DRIVERS\netr28u.sys
2011/04/06 21:26:45.0898 4052 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/06 21:26:45.0931 4052 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/04/06 21:26:45.0995 4052 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/06 21:26:46.0029 4052 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/06 21:26:46.0106 4052 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/06 21:26:46.0148 4052 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/06 21:26:46.0169 4052 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/06 21:26:46.0233 4052 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2011/04/06 21:26:46.0450 4052 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/06 21:26:46.0675 4052 NVNET (d02b697f105de7f7e3e0b115d8bfb8f3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/06 21:26:46.0718 4052 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
2011/04/06 21:26:46.0744 4052 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/04/06 21:26:46.0779 4052 nvstor32 (fe52edd7f24b25c76728101f9a8abee7) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/04/06 21:26:46.0780 4052 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nvstor32.sys. Real md5: fe52edd7f24b25c76728101f9a8abee7, Fake md5: 3ff57a9a657c9690ecbc8b1e3b6e3979
2011/04/06 21:26:46.0786 4052 nvstor32 - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/06 21:26:46.0835 4052 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/06 21:26:46.0919 4052 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/06 21:26:46.0981 4052 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/04/06 21:26:47.0021 4052 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/06 21:26:47.0046 4052 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/06 21:26:47.0075 4052 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/06 21:26:47.0114 4052 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/06 21:26:47.0137 4052 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/06 21:26:47.0204 4052 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/06 21:26:47.0303 4052 Ph3xIB32 (514fadd940a5ee06d6caa5cd0f6725d6) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
2011/04/06 21:26:47.0557 4052 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/04/06 21:26:47.0654 4052 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/06 21:26:47.0677 4052 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/06 21:26:47.0721 4052 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/06 21:26:47.0771 4052 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/06 21:26:47.0807 4052 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/06 21:26:47.0849 4052 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/06 21:26:47.0886 4052 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/06 21:26:47.0910 4052 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/06 21:26:47.0950 4052 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/06 21:26:47.0981 4052 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/06 21:26:48.0017 4052 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/06 21:26:48.0050 4052 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/06 21:26:48.0089 4052 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/06 21:26:48.0109 4052 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/06 21:26:48.0143 4052 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/06 21:26:48.0210 4052 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/06 21:26:48.0247 4052 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/06 21:26:48.0299 4052 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/06 21:26:48.0338 4052 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/06 21:26:48.0380 4052 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/06 21:26:48.0409 4052 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/06 21:26:48.0446 4052 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/06 21:26:48.0467 4052 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/06 21:26:48.0488 4052 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/06 21:26:48.0503 4052 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/06 21:26:48.0534 4052 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/06 21:26:48.0566 4052 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/06 21:26:48.0592 4052 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/06 21:26:48.0623 4052 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/06 21:26:48.0676 4052 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/06 21:26:48.0719 4052 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/06 21:26:48.0747 4052 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/06 21:26:48.0772 4052 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/06 21:26:48.0847 4052 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/06 21:26:48.0882 4052 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/06 21:26:48.0901 4052 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/06 21:26:48.0928 4052 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/06 21:26:48.0988 4052 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/04/06 21:26:49.0026 4052 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/06 21:26:49.0051 4052 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/06 21:26:49.0091 4052 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/06 21:26:49.0111 4052 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/06 21:26:49.0140 4052 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/06 21:26:49.0175 4052 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/06 21:26:49.0230 4052 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/06 21:26:49.0273 4052 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/06 21:26:49.0318 4052 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/06 21:26:49.0353 4052 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/06 21:26:49.0392 4052 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/06 21:26:49.0447 4052 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/06 21:26:49.0483 4052 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/06 21:26:49.0516 4052 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/06 21:26:49.0544 4052 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/06 21:26:49.0567 4052 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/06 21:26:49.0635 4052 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/06 21:26:49.0667 4052 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/06 21:26:49.0707 4052 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/06 21:26:49.0728 4052 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/06 21:26:49.0772 4052 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/06 21:26:49.0813 4052 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/06 21:26:49.0839 4052 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/06 21:26:49.0874 4052 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/06 21:26:49.0911 4052 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/06 21:26:49.0946 4052 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/06 21:26:49.0993 4052 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/06 21:26:50.0025 4052 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/06 21:26:50.0059 4052 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/06 21:26:50.0083 4052 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/06 21:26:50.0111 4052 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/06 21:26:50.0149 4052 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/04/06 21:26:50.0189 4052 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/06 21:26:50.0240 4052 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/06 21:26:50.0287 4052 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/06 21:26:50.0326 4052 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/06 21:26:50.0375 4052 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/06 21:26:50.0410 4052 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 21:26:50.0421 4052 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 21:26:50.0455 4052 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/06 21:26:50.0486 4052 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/06 21:26:50.0597 4052 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/06 21:26:50.0646 4052 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/06 21:26:50.0698 4052 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/06 21:26:50.0767 4052 ================================================================================
2011/04/06 21:26:50.0767 4052 Scan finished
2011/04/06 21:26:50.0767 4052 ================================================================================
2011/04/06 21:26:50.0777 2784 Detected object count: 1
2011/04/06 21:26:58.0191 2784 Rootkit.Win32.TDSS.tdl3(nvstor32) - User select action: Skip
gander
Regular Member
 
Posts: 39
Joined: March 27th, 2011, 8:44 am
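The report above tells the whole story of this detection in three lines: the driver listing gives nvstor32.sys one MD5, the "Suspicious file (Forged)" line shows that TDSSKiller obtained two different MD5s for the same path, and the final line shows the user chose Skip, so nothing was cleaned. A TDL3-class rootkit hides its patched driver by intercepting reads of that file and serving the original bytes; a tool that reads the disk below that hook sees different content, which is why the two hashes disagree. The following Python script is an added example and is not part of the original post or of TDSSKiller: it parses lines in the report's format, pairs the forged-file hashes with the driver entry and the user's chosen action, and lists detections that were left untreated. The sample lines are excerpted from the report above; the field layout (and therefore every regex) is inferred from those lines and is an assumption about the tool's format.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines excerpted from the TDSSKiller report above.
SAMPLE_LOG = r"""
2011/04/06 21:26:46.0744 4052 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/04/06 21:26:46.0779 4052 nvstor32 (fe52edd7f24b25c76728101f9a8abee7) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/04/06 21:26:46.0780 4052 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nvstor32.sys. Real md5: fe52edd7f24b25c76728101f9a8abee7, Fake md5: 3ff57a9a657c9690ecbc8b1e3b6e3979
2011/04/06 21:26:46.0786 4052 nvstor32 - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/06 21:26:50.0777 2784 Detected object count: 1
2011/04/06 21:26:58.0191 2784 Rootkit.Win32.TDSS.tdl3(nvstor32) - User select action: Skip
"""

# Line formats inferred from the report above (assumptions about the tool's output).
PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(r"^(?P<verdict>\S+)\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    name: str
    path: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    verdict: Optional[str] = None
    action: Optional[str] = None

    @property
    def hashes_disagree(self) -> bool:
        # Two digests for one path: the content depends on which code path
        # read the file, the signature of an on-read filter (rootkit hook).
        return bool(self.real_md5 and self.fake_md5 and self.real_md5 != self.fake_md5)


def parse_tdsskiller(text: str):
    """Return ({service: (md5, path)}, [Finding, ...]) from a TDSSKiller report."""
    drivers = {}
    findings = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # banner, separators, system info
        msg = m.group("msg").strip()
        if (d := DRIVER.match(msg)):
            drivers[d["name"]] = (d["md5"], d["path"])
        elif (f := FORGED.match(msg)):
            # Attribute the forged file to the service that loads it, if listed.
            name = next((n for n, (_, p) in drivers.items()
                         if p.lower() == f["path"].lower()), f["path"])
            fd = findings.setdefault(name, Finding(name=name))
            fd.path, fd.real_md5, fd.fake_md5 = f["path"], f["real"], f["fake"]
        elif (d := DETECT.match(msg)):
            fd = findings.setdefault(d["name"], Finding(name=d["name"]))
            fd.verdict = d["verdict"]
        elif (a := ACTION.match(msg)):
            fd = findings.setdefault(a["name"], Finding(name=a["name"]))
            fd.verdict = fd.verdict or a["verdict"]
            fd.action = a["action"]
    return drivers, list(findings.values())


def untreated(findings):
    """Detections that were skipped or never actioned: the rootkit is still there."""
    return [f for f in findings if f.verdict and f.action in (None, "Skip")]


if __name__ == "__main__":
    drivers, findings = parse_tdsskiller(SAMPLE_LOG)
    for f in findings:
        print(f"{f.name}: {f.verdict} action={f.action} forged={f.hashes_disagree}")
        if f.hashes_disagree:
            print(f"  {f.path}\n  real {f.real_md5}\n  fake {f.fake_md5}")
    print("untreated:", [f.name for f in untreated(findings)])
```

Run it against a saved report instead of the embedded sample by reading the file into `parse_tdsskiller`; anything returned by `untreated` is a detection the user still has to deal with, which is exactly the situation in this thread.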

Re: HELP Gomeo type sites redirecting ISSUES

Post by Dakeyras » April 6th, 2011, 4:56 pm

Sorry, I didn't notice there was a skip option. Also, it doesn't seem to save my logs, so instead I will post a "Report". Here is the report from a scan I just did.
OK, fair play. The MBR appears to be clean (not a standard Vista one, as I mentioned in a prior post, so this may be a problem), though on the low-level side (partition table) within the actual partition it is suspect, and those hooks (binary data) have been removed by TDSSKiller. So I would like another check/look at a new MBR dump.

So please move the present MBR.dat file on the desktop to some form of removable storage media as a precaution...

Re-run aswMBR again as outlined here. Post the new log in your next reply and also attach the new MBR.dat so I can analyse that one, thank you.

Next:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Right-click on SystemLook.exe and select Run as Administrator to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    nvstor32.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Next:

Please do carry out the following/provide what I asked...

Also, please reboot your machine and provide me with a quick update as to its status, etc. Thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: HELP Gomeo type sites redirecting ISSUES

Post by gander » April 7th, 2011, 11:18 am

Here is the new MBR log and .dat file:

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-07 16:16:38
-----------------------------
16:16:38.993 OS Version: Windows 6.0.6002 Service Pack 2
16:16:38.993 Number of processors: 2 586 0xF06
16:16:38.994 ComputerName: THOMAS-PC UserName: Thomas
16:16:40.994 Initialize success
16:16:42.732 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
16:16:42.734 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 476940MB BusType: 3
16:16:42.735 Device \Device\0000005f -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD502HJ#4&358dcf36&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
16:16:42.737 Disk 0 MBR read error
16:16:42.739 Disk 0 MBR scan
16:16:42.741 MBR BIOS signature not found 0
16:16:42.743 Disk 0 scanning sectors +976771072
16:16:42.746 Disk 0 scanning C:\Windows\system32\drivers
16:16:46.896 Service scanning
16:16:48.017 Disk 0 trace - called modules:
16:16:48.040 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x852d7ecc]<<
16:16:48.043 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86167a30]
16:16:48.046 3 CLASSPNP.SYS[82fab8b3] -> nt!IofCallDriver -> [0x85260520]
16:16:48.049 5 acpi.sys[806996bc] -> nt!IofCallDriver -> [0x8528bc90]
16:16:48.054 [0x8683caf8] -> IRP_MJ_CREATE -> 0x852d7ecc
16:16:48.058 Scan finished successfully
gander
Regular Member
 
Posts: 39
Joined: March 27th, 2011, 8:44 am

Re: HELP Gomeo type sites redirecting ISSUES

Unread postby gander » April 7th, 2011, 11:21 am

Again when i clicked the amazon link it came up with this site : hxxp://search.uk.betterdeals.co.uk/?act ... ord=amazon
Last edited by Cypher on April 7th, 2011, 12:03 pm, edited 1 time in total.
Reason: Disabled malicious URL
gander
Regular Member
 
Posts: 39
Joined: March 27th, 2011, 8:44 am

Re: HELP Gomeo type sites redirecting ISSUES

Unread postby gander » April 7th, 2011, 11:22 am

And this is what system look came up with :

SystemLook 04.09.10 by jpshortstuff
Log created at 16:19 on 07/04/2011 by Thomas
Administrator - Elevation successful

========== filefind ==========

Searching for "nvstor32.sys"
C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sataraid\nvstor32.sys --a---- 213024 bytes [17:44 04/08/2009] [17:44 04/08/2009] 269DE658DEAF032564E8B6430B5BD170
C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sata_ide\nvstor32.sys --a---- 213024 bytes [17:43 04/08/2009] [17:43 04/08/2009] 3FF57A9A657C9690ECBC8B1E3B6E3979
C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sataraid\nvstor32.sys --a---- 213024 bytes [17:44 04/08/2009] [17:44 04/08/2009] 269DE658DEAF032564E8B6430B5BD170
C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sata_ide\nvstor32.sys --a---- 213024 bytes [17:43 04/08/2009] [17:43 04/08/2009] 3FF57A9A657C9690ECBC8B1E3B6E3979
C:\Windows\System32\drivers\nvstor32.sys --a---- 213024 bytes [17:43 04/08/2009] [17:43 04/08/2009] 3FF57A9A657C9690ECBC8B1E3B6E3979
C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_dcdb2e54\nvstor32.sys --a---- 213024 bytes [17:43 04/08/2009] [17:43 04/08/2009] 3FF57A9A657C9690ECBC8B1E3B6E3979

-= EOF =-
gander
Regular Member
 
Posts: 39
Joined: March 27th, 2011, 8:44 am
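The SystemLook listing above is the kind of evidence a helper weighs before deciding whether a driver flagged by TDSSKiller is a false positive or a patched file: the same filename appears in six places, with two different MD5 values. The following is an added example (not SystemLook's code and not part of the thread) that parses the ':filefind' output, groups the copies by hash, and compares the copy Windows actually loads against the DriverStore copy it was installed from. The sample text is the six lines posted above, wrapped in SystemLook's header and footer; the choice of the DriverStore copy as the reference is my assumption. One caveat the check cannot remove: every hash here was computed on a live, possibly rootkitted machine through the same disk stack the rootkit may be filtering, so a match is consistent with a clean file but does not prove it, which is why the file itself was also requested for analysis.

```python
"""Parse SystemLook ':filefind' output and compare the copy of a driver that
Windows loads against reference copies of the same file found on disk.
Added example; not SystemLook's own code and not part of the thread."""
import re
from collections import defaultdict

# Sample input: the six nvstor32.sys result lines as posted in the thread,
# wrapped in SystemLook's header/footer so the parser has to skip them.
SAMPLE = r"""SystemLook 04.09.10 by jpshortstuff
Log created at 16:19 on 07/04/2011 by Thomas
Administrator - Elevation successful

========== filefind ==========

Searching for "nvstor32.sys"
C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sataraid\nvstor32.sys --a---- 213024 bytes [17:44 04/08/2009] [17:44 04/08/2009] 269DE658DEAF032564E8B6430B5BD170
C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sata_ide\nvstor32.sys --a---- 213024 bytes [17:43 04/08/2009] [17:43 04/08/2009] 3FF57A9A657C9690ECBC8B1E3B6E3979
C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sataraid\nvstor32.sys --a---- 213024 bytes [17:44 04/08/2009] [17:44 04/08/2009] 269DE658DEAF032564E8B6430B5BD170
C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sata_ide\nvstor32.sys --a---- 213024 bytes [17:43 04/08/2009] [17:43 04/08/2009] 3FF57A9A657C9690ECBC8B1E3B6E3979
C:\Windows\System32\drivers\nvstor32.sys --a---- 213024 bytes [17:43 04/08/2009] [17:43 04/08/2009] 3FF57A9A657C9690ECBC8B1E3B6E3979
C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_dcdb2e54\nvstor32.sys --a---- 213024 bytes [17:43 04/08/2009] [17:43 04/08/2009] 3FF57A9A657C9690ECBC8B1E3B6E3979

-= EOF =-
"""

# One result line: path, seven attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# The copy the kernel loads, and (assumption) the DriverStore copy it was
# installed from, used here as the on-box reference.
LIVE_PATH = r"C:\Windows\System32\drivers\nvstor32.sys"
REFERENCE_PATH = (r"C:\Windows\System32\DriverStore\FileRepository"
                  r"\nvstor32.inf_dcdb2e54\nvstor32.sys")


def parse_filefind(text):
    """Return one dict per file line; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return entries


def group_by_hash(entries):
    """Map each MD5 to the list of paths carrying that content."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def compare_live_to_reference(entries, live_path, reference_path):
    """Compare the loaded copy with the reference copy and list any other
    hashes seen for the same filename, so a different vendor build (here the
    sataraid variant) is visible without being mistaken for tampering."""
    by_path = {e["path"].lower(): e for e in entries}
    live = by_path.get(live_path.lower())
    ref = by_path.get(reference_path.lower())
    if live is None or ref is None:
        return {"match": None, "reason": "live or reference copy not in listing"}
    others = sorted({e["md5"] for e in entries} - {live["md5"], ref["md5"]})
    return {
        "live_md5": live["md5"],
        "reference_md5": ref["md5"],
        "match": live["md5"] == ref["md5"],
        "size_match": live["size"] == ref["size"],
        "other_hashes_seen": others,
    }


if __name__ == "__main__":
    found = parse_filefind(SAMPLE)
    for md5, paths in group_by_hash(found).items():
        print(md5, "->", len(paths), "copies")
    print(compare_live_to_reference(found, LIVE_PATH, REFERENCE_PATH))
```

Run against the posted listing, the live driver matches the DriverStore copy and the only other hash belongs to the sataraid build shipped in the same installer. That is the result the helper would expect from a clean driver, with the caveat above that a hooked disk stack can present the same picture.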

Re: HELP Gomeo type sites redirecting ISSUES

Unread postby Dakeyras » April 7th, 2011, 11:43 am

gander wrote:Again when i clicked the amazon link it came up with this site : hXXp://search.uk.betterdeals.co.uk/?act ... ord=amazon
Please refrain from posting any more active URLs. A brief description will suffice, thank you.

I will post back in due course with further instructions.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: HELP Gomeo type sites redirecting ISSUES

Unread postby gander » April 7th, 2011, 12:42 pm

ok sorry :oops:
gander
Regular Member
 
Posts: 39
Joined: March 27th, 2011, 8:44 am

Re: HELP Gomeo type sites redirecting ISSUES

Unread postby Dakeyras » April 7th, 2011, 2:52 pm

Hi. :)

gander wrote:ok sorry :oops:
Fair play. Let's proceed as follows shall we...

Re-run aswMBR again, delete the log created and then move the new MBR.dat file to a form of removable storage media as a precaution.

Next:

Ensure hidden files are visible via checking as follows:-

  • Click Start(Vista orb).
  • Open Computer.
  • Press the ALT key.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Now please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-
http://malwareremoval.com/forum/viewtopic.php?f=11&t=56268
Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\Windows\System32\drivers\nvstor32.sys

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

Re-scan with aswMBR:

  • Right-click the aswMBR.exe select Run as Administrator to run it
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Fix MBR button.
  • When the Fix MBR process has completed, please save the log file, to your desktop, as you have done so prior.
  • Copy and paste the contents of the log file in your next reply.

Next:

Please reboot your machine and let myself know if any further issues? Still search engine redirects?
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: HELP Gomeo type sites redirecting ISSUES

Unread postby gander » April 7th, 2011, 5:57 pm

I am not entirely sure on what this means :
Dakeyras wrote:move the new MBR.dat file to a form of removable storage media as a precaution.


And this is the MBR log :
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-07 16:16:38
-----------------------------
16:16:38.993 OS Version: Windows 6.0.6002 Service Pack 2
16:16:38.993 Number of processors: 2 586 0xF06
16:16:38.994 ComputerName: THOMAS-PC UserName: Thomas
16:16:40.994 Initialize success
16:16:42.732 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
16:16:42.734 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 476940MB BusType: 3
16:16:42.735 Device \Device\0000005f -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD502HJ#4&358dcf36&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
16:16:42.737 Disk 0 MBR read error
16:16:42.739 Disk 0 MBR scan
16:16:42.741 MBR BIOS signature not found 0
16:16:42.743 Disk 0 scanning sectors +976771072
16:16:42.746 Disk 0 scanning C:\Windows\system32\drivers
16:16:46.896 Service scanning
16:16:48.017 Disk 0 trace - called modules:
16:16:48.040 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x852d7ecc]<<
16:16:48.043 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86167a30]
16:16:48.046 3 CLASSPNP.SYS[82fab8b3] -> nt!IofCallDriver -> [0x85260520]
16:16:48.049 5 acpi.sys[806996bc] -> nt!IofCallDriver -> [0x8528bc90]
16:16:48.054 [0x8683caf8] -> IRP_MJ_CREATE -> 0x852d7ecc
16:16:48.058 Scan finished successfully
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-07 23:00:05
-----------------------------
23:00:05.819 OS Version: Windows 6.0.6002 Service Pack 2
23:00:05.819 Number of processors: 2 586 0xF06
23:00:05.820 ComputerName: THOMAS-PC UserName: Thomas
23:00:07.465 Initialize success
23:00:08.741 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
23:00:08.743 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 476940MB BusType: 3
23:00:08.745 Device \Device\0000005f -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD502HJ#4&358dcf36&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
23:00:08.747 Disk 0 MBR read error
23:00:08.749 Disk 0 MBR scan
23:00:08.751 MBR BIOS signature not found 0
23:00:08.753 Disk 0 scanning sectors +976771072
23:00:08.756 Disk 0 scanning C:\Windows\system32\drivers
23:00:12.738 Service scanning
23:00:13.808 Disk 0 trace - called modules:
23:00:13.825 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x852d7ecc]<<
23:00:13.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861d8ac8]
23:00:13.831 3 CLASSPNP.SYS[82f9d8b3] -> nt!IofCallDriver -> [0x8488d700]
23:00:13.834 5 acpi.sys[8069b6bc] -> nt!IofCallDriver -> [0x85256c90]
23:00:13.838 [0x86c2cd88] -> IRP_MJ_CREATE -> 0x852d7ecc
23:00:13.841 Scan finished successfully
23:00:15.268 Disk 0 MBR fix error
23:00:17.740 Disk 0 MBR fix error
23:00:18.228 Disk 0 MBR fix error
23:00:18.748 Disk 0 MBR fix error
23:00:18.956 Disk 0 MBR fix error
23:00:19.148 Disk 0 MBR fix error
23:00:19.356 Disk 0 MBR fix error
23:00:19.540 Disk 0 MBR fix error
23:00:19.748 Disk 0 MBR fix error
23:00:20.116 Disk 0 MBR fix error
23:00:20.348 Disk 0 MBR fix error
23:00:20.604 Disk 0 MBR fix error
23:00:20.860 Disk 0 MBR fix error
23:00:21.148 Disk 0 MBR fix error
23:00:21.436 Disk 0 MBR fix error
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-07 23:01:03
-----------------------------
23:01:03.862 OS Version: Windows 6.0.6002 Service Pack 2
23:01:03.862 Number of processors: 2 586 0xF06
23:01:03.862 ComputerName: THOMAS-PC UserName: Thomas
23:01:05.588 Initialize success
23:01:06.438 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
23:01:06.441 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 476940MB BusType: 3
23:01:06.442 Device \Device\0000005f -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD502HJ#4&358dcf36&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
23:01:06.444 Disk 0 MBR read error
23:01:06.446 Disk 0 MBR scan
23:01:06.449 MBR BIOS signature not found 0
23:01:06.451 Disk 0 scanning sectors +976771072
23:01:06.454 Disk 0 scanning C:\Windows\system32\drivers
23:01:10.348 Service scanning
23:01:11.497 Disk 0 trace - called modules:
23:01:11.517 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x852d7ecc]<<
23:01:11.520 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861d8ac8]
23:01:11.523 3 CLASSPNP.SYS[82f9d8b3] -> nt!IofCallDriver -> [0x8488d700]
23:01:11.526 5 acpi.sys[8069b6bc] -> nt!IofCallDriver -> [0x85256c90]
23:01:11.530 [0x86c2cd88] -> IRP_MJ_CREATE -> 0x852d7ecc
23:01:11.533 Scan finished successfully
23:01:12.884 Disk 0 MBR fix error
gander
Regular Member
 
Posts: 39
Joined: March 27th, 2011, 8:44 am
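The three aswMBR runs above are appended to one log file, and the lines worth reading first are the same in each: the MBR could not be read through the normal path, the BIOS boot signature was not found, the disk call trace ends at an address the tool could not attribute to any loaded module (the >>UNKNOWN [0x852d7ecc]<< entry, which is also where IRP_MJ_CREATE for the disk is dispatched), and the Fix MBR attempt logged only "fix error" lines. As an added example, not aswMBR's code and not part of the thread, here is a small triage script that splits such a file into runs and extracts those indicators, so an analyst can see at a glance that the same unattributed address survives every run and that the fix never succeeded. The sample is a trimmed excerpt of the logs posted above (run 2's fifteen fix-error lines are cut to three); the field names are mine.

```python
"""Triage aswMBR logs: split concatenated runs and extract the indicators an
analyst reads first. Added example; not aswMBR's code, not the thread's own."""
import re

# Sample input: trimmed excerpt of the three runs posted above.
SAMPLE_LOG = r"""aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-07 16:16:38
-----------------------------
16:16:42.737 Disk 0 MBR read error
16:16:42.741 MBR BIOS signature not found 0
16:16:48.040 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x852d7ecc]<<
16:16:48.054 [0x8683caf8] -> IRP_MJ_CREATE -> 0x852d7ecc
16:16:48.058 Scan finished successfully
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-07 23:00:05
-----------------------------
23:00:08.747 Disk 0 MBR read error
23:00:08.751 MBR BIOS signature not found 0
23:00:13.825 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x852d7ecc]<<
23:00:13.838 [0x86c2cd88] -> IRP_MJ_CREATE -> 0x852d7ecc
23:00:13.841 Scan finished successfully
23:00:15.268 Disk 0 MBR fix error
23:00:17.740 Disk 0 MBR fix error
23:00:18.228 Disk 0 MBR fix error
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-07 23:01:03
-----------------------------
23:01:06.444 Disk 0 MBR read error
23:01:06.449 MBR BIOS signature not found 0
23:01:11.517 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x852d7ecc]<<
23:01:11.530 [0x86c2cd88] -> IRP_MJ_CREATE -> 0x852d7ecc
23:01:11.533 Scan finished successfully
23:01:12.884 Disk 0 MBR fix error
"""

TIMESTAMP_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_CREATE_RE = re.compile(r"IRP_MJ_CREATE -> (0x[0-9a-fA-F]+)")


def split_runs(text):
    """Each run starts with an 'aswMBR version' banner; the tool appends
    every run to the same file, so one file can hold several."""
    runs, current = [], []
    for line in text.splitlines():
        if line.startswith("aswMBR version") and current:
            runs.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        runs.append("\n".join(current))
    return runs


def triage_run(run_text):
    """Pull the indicators out of one run."""
    r = {"run_date": None, "mbr_read_error": False, "bios_signature_missing": False,
         "unknown_addresses": [], "irp_create_target": None, "fix_errors": 0,
         "scan_finished": False}
    for raw in run_text.splitlines():
        line = TIMESTAMP_RE.sub("", raw.strip())
        if line.startswith("Run date:"):
            r["run_date"] = line.split(":", 1)[1].strip()
        elif line.endswith("MBR read error"):
            r["mbr_read_error"] = True
        elif line.startswith("MBR BIOS signature not found"):
            r["bios_signature_missing"] = True
        elif line.endswith("MBR fix error"):
            r["fix_errors"] += 1
        elif line == "Scan finished successfully":
            r["scan_finished"] = True
        for addr in UNKNOWN_RE.findall(line):
            if addr not in r["unknown_addresses"]:
                r["unknown_addresses"].append(addr)
        m = IRP_CREATE_RE.search(line)
        if m:
            r["irp_create_target"] = m.group(1)
    # Create requests for the disk device land in code no module accounts for.
    r["create_dispatched_to_unknown"] = r["irp_create_target"] in r["unknown_addresses"]
    return r


def triage_log(text):
    return [triage_run(run) for run in split_runs(text)]


def summarize(runs):
    """Cross-run view: an unattributed address that persists across runs and
    fix errors in any run are what make this log worth escalating."""
    sets = [set(r["unknown_addresses"]) for r in runs]
    persistent = sorted(set.intersection(*sets)) if sets else []
    return {"runs": len(runs),
            "persistent_unknown_addresses": persistent,
            "every_run_mbr_read_error": all(r["mbr_read_error"] for r in runs),
            "fix_errors_total": sum(r["fix_errors"] for r in runs),
            "fix_failed": any(r["fix_errors"] > 0 for r in runs)}


if __name__ == "__main__":
    print(summarize(triage_log(SAMPLE_LOG)))
```

On the excerpt this reports three runs, the address 0x852d7ecc present in all of them, an MBR read error in every run, and four fix errors in total, which lines up with the redirects still being present after the Fix MBR attempt.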

Re: HELP Gomeo type sites redirecting ISSUES

Unread postby gander » April 7th, 2011, 6:02 pm

Also no, I am still being redirected. I think it's because MBR Fix had an error or something in the log =]
gander
Regular Member
 
Posts: 39
Joined: March 27th, 2011, 8:44 am

Re: HELP Gomeo type sites redirecting ISSUES

Unread postby Dakeyras » April 7th, 2011, 6:54 pm

Hi, :)

gander wrote:Also no, I am still being redirected. I think it's because MBR Fix had an error or something in the log =]
Fair play... This appears to be a serious problem and one that is beyond myself to fathom, I freely admit. I am going to ask a well respected colleague of mine to intercede, so please bear with myself OK. :)
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: HELP Gomeo type sites redirecting ISSUES

Unread postby Dakeyras » April 8th, 2011, 6:34 am

Hi. :)

Please delete your copy of TDSSKiller.exe and then empty the Recycle Bin. Then download a new copy of TDSSKiller.zip and extract (unzip) it to your Desktop.

Re-scan with TDSSKiller:

  • Right-click TDSSKiller.exe and select Run as Administrator.
  • Under "Objects to scan" ensure both "Services and drivers" & "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If Malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply

Next:

Let myself know if any further issues? Still search engine redirects?
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: HELP Gomeo type sites redirecting ISSUES

Unread postby gander » April 8th, 2011, 10:15 am

Sorry, I am going on a weekend holiday so I won't respond till Monday.
Please don't delete this post :(

Cya on Monday!!!
gander
Regular Member
 
Posts: 39
Joined: March 27th, 2011, 8:44 am