Abnow.com redirects Google search, help?



#1 Mamadas


Posted 27 March 2012 - 02:35 PM

Hello everyone,

I have had this issue for around 4/5 days and I can't seem to be able to fix it by following the steps that were suggested for other known infected PCs.

I tried everything here: http://forums.majorgeeks.com/showthread.php?t=230267 and the problem is still present.

I use Windows 7.

My browser is Mozilla Firefox.

When I try to search for anything on google.com and click to access a link, it redirects me to Abnow.com.

I have some logs and I will try to put them here. Thank you for your time and patience.


#2 Mamadas


Posted 27 March 2012 - 02:38 PM

GooredFix


GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:10 on 27/03/2012 (David)
Firefox version 10.0.2 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:18 04/12/2010]

C:\Users\David\Application Data\Mozilla\Firefox\Profiles\1q7kal2y.default\extensions\
engine@conduit.com [23:22 15/04/2011]
personas@christopher.beard [23:22 15/04/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

---------- Old Logs ----------
GooredFix[17.09.39_27-03-2012].txt

-=E.O.F=-

#3 Mamadas


Posted 27 March 2012 - 02:40 PM

MBRCheck, version 1.2.3


Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 147):
0x02A1E000 \SystemRoot\system32\ntoskrnl.exe
0x02FFA000 \SystemRoot\system32\hal.dll
0x00BB6000 \SystemRoot\system32\kdcom.dll
0x00C01000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C45000 \SystemRoot\system32\PSHED.dll
0x00C59000 \SystemRoot\system32\CLFS.SYS
0x00CB7000 \SystemRoot\system32\CI.dll
0x00D77000 \SystemRoot\system32\drivers\50339036.sys
0x00E9D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F41000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01086000 \SystemRoot\System32\Drivers\sptd.sys
0x011BA000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x011C3000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01061000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F50000 \SystemRoot\system32\DRIVERS\pci.sys
0x0106E000 \SystemRoot\System32\drivers\partmgr.sys
0x00F83000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F98000 \SystemRoot\System32\drivers\volmgrx.sys
0x011F2000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E2A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E33000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00E5D000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00D99000 \SystemRoot\system32\drivers\fltmgr.sys
0x00E68000 \SystemRoot\system32\drivers\fileinfo.sys
0x0125C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014F1000 \SystemRoot\System32\Drivers\msrpc.sys
0x0154F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01569000 \SystemRoot\System32\Drivers\cng.sys
0x015DC000 \SystemRoot\System32\drivers\pcw.sys
0x015ED000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01608000 \SystemRoot\system32\drivers\ndis.sys
0x016FA000 \SystemRoot\system32\drivers\NETIO.SYS
0x0175A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x01785000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x017CF000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017DF000 \SystemRoot\System32\Drivers\spldr.sys
0x0144C000 \SystemRoot\System32\drivers\rdyboost.sys
0x017E7000 \SystemRoot\System32\Drivers\mup.sys
0x01486000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0148F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x014C9000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02CDE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02D08000 \SystemRoot\System32\Drivers\Null.SYS
0x02D11000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D18000 \SystemRoot\System32\drivers\vga.sys
0x02D26000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02D4B000 \SystemRoot\System32\drivers\watchdog.sys
0x02D5B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02D64000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02D6D000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02D76000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02D81000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02D92000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02DB0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C00000 \SystemRoot\system32\drivers\afd.sys
0x02C89000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CCE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DBD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DE3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04280000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x042C3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x042DE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x042F2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04343000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0434F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0435A000 \SystemRoot\System32\drivers\discache.sys
0x04369000 \SystemRoot\system32\drivers\csc.sys
0x04200000 \SystemRoot\System32\Drivers\dfsc.sys
0x0421E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0422F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04255000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0408B000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x0721D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x040D6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04000000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04046000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x079F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x06E40000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x06E96000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x06EA7000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x06ED9000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x06F17000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x06F1F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x06F2F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x06F45000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x06F69000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x06F75000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x06FA4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x06FBF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x06FE0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x06E00000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x06E0B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x06E16000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x06E25000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x06E34000 \SystemRoot\system32\DRIVERS\swenum.sys
0x07C96000 \SystemRoot\system32\DRIVERS\ks.sys
0x07CD9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x07CEB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x07D45000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07D5A000 \SystemRoot\system32\drivers\AtihdW76.sys
0x07D7A000 \SystemRoot\system32\drivers\portcls.sys
0x07DB7000 \SystemRoot\system32\drivers\drmk.sys
0x07DD9000 \SystemRoot\system32\drivers\ksthunk.sys
0x07C00000 \SystemRoot\system32\drivers\HdAudio.sys
0x07C5C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x07C6A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x07C76000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x07C7F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x07DDF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x07DFA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x00020000 \SystemRoot\System32\win32k.sys
0x07200000 \SystemRoot\System32\drivers\Dxapi.sys
0x0720C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0406A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06E36000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x041CA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x041D7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0426B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x043EC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00460000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x01230000 \SystemRoot\system32\drivers\luafv.sys
0x00E7C000 \SystemRoot\system32\drivers\WudfPf.sys
0x00DE5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03C6C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03C84000 \SystemRoot\system32\drivers\HTTP.sys
0x03D4C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03D79000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03D97000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03DC4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x062B2000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06319000 \SystemRoot\System32\DRIVERS\srv.sys
0x06200000 \SystemRoot\system32\drivers\peauth.sys
0x062A6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x063AE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x772E0000 \Windows\System32\ntdll.dll
0x480C0000 \Windows\System32\smss.exe
0xFF600000 \Windows\System32\apisetschema.dll
0xFF910000 \Windows\System32\autochk.exe

Processes (total 44):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
404 csrss.exe
464 C:\Windows\System32\wininit.exe
492 csrss.exe
556 C:\Windows\System32\services.exe
576 C:\Windows\System32\lsass.exe
584 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\winlogon.exe
748 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\atiesrxx.exe
952 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
284 C:\Windows\System32\svchost.exe
496 C:\Windows\System32\audiodg.exe
856 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\spoolsv.exe
1372 C:\Windows\System32\atieclxx.exe
1620 C:\Windows\System32\svchost.exe
1648 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
1732 C:\Windows\System32\taskhost.exe
1840 C:\Windows\System32\dwm.exe
1912 C:\Windows\explorer.exe
2040 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1228 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
1820 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2260 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
2444 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2484 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2608 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2808 C:\Windows\System32\SearchIndexer.exe
2916 C:\Program Files\Windows Media Player\wmpnetwk.exe
2088 C:\Windows\System32\svchost.exe
2452 C:\Windows\System32\svchost.exe
2596 WmiPrvSE.exe
2888 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3592 C:\Windows\System32\SearchProtocolHost.exe
3612 C:\Windows\System32\SearchFilterHost.exe
3688 C:\Users\David\Downloads\MBRCheck(1).exe
3696 C:\Windows\System32\conhost.exe
3716 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000007a`12100000
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC38
PhysicalDrive1 Model Number: SAMSUNGHM321HI, Rev:

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
298 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

#4 Mamadas


Posted 27 March 2012 - 02:43 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software


Run date: 2012-03-27 20:26:53
-----------------------------
20:26:53.433 OS Version: Windows x64 6.1.7600
20:26:53.433 Number of processors: 8 586 0x1A05
20:26:53.433 ComputerName: DAVID-PC UserName: David
20:27:01.052 Initialize success
20:32:20.666 AVAST engine defs: 12032701
20:37:52.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:37:52.187 Disk 0 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 3
20:37:52.200 Disk 0 MBR read successfully
20:37:52.203 Disk 0 MBR scan
20:37:52.214 Disk 0 Windows 7 default MBR code
20:37:52.225 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:37:52.235 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 499900 MB offset 206848
20:37:52.257 Disk 0 Partition 3 00 06 FAT16 453867 MB offset 1024002048
20:37:52.287 Disk 0 scanning C:\Windows\system32\drivers
20:37:58.939 Service scanning
20:38:03.554 Service lvpopflt C:\Windows\system32\lbrtfdc.dll **INFECTED** Win64:Sirefef-E [Trj]
20:38:10.159 Modules scanning
20:38:10.159 Disk 0 trace - called modules:
20:38:10.197 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:38:10.197 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f9060]
20:38:10.198 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800630e520]
20:38:10.198 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006310060]
20:38:11.575 AVAST engine scan C:\Windows
20:38:12.940 AVAST engine scan C:\Windows\system32
20:38:20.352 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
20:38:39.349 File: C:\Windows\system32\lbrtfdc.dll **INFECTED** Win64:Sirefef-E [Trj]
20:39:26.535 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:39:27.877 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:40:15.427 File: C:\Windows\assembly\tmp\loader.tlb **SUSPICIOUS**
20:40:15.467 File: C:\Windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
20:40:15.498 File: C:\Windows\assembly\tmp\U\000000c0.@ **SUSPICIOUS**
20:40:15.521 File: C:\Windows\assembly\tmp\U\000000cb.@ **SUSPICIOUS**
20:40:15.545 File: C:\Windows\assembly\tmp\U\000000cf.@ **SUSPICIOUS**
20:40:15.584 File: C:\Windows\assembly\tmp\U\80000000.@ **SUSPICIOUS**
20:40:15.621 File: C:\Windows\assembly\tmp\U\800000c0.@ **SUSPICIOUS**
20:40:15.653 File: C:\Windows\assembly\tmp\U\800000c0.@ **INFECTED** Win32:Sirefef-PL [Rtk]
20:40:15.682 File: C:\Windows\assembly\tmp\U\800000cb.@ **SUSPICIOUS**
20:40:15.701 File: C:\Windows\assembly\tmp\U\800000cf.@ **SUSPICIOUS**
20:40:15.730 File: C:\Windows\assembly\tmp\U\800000cf.@ **INFECTED** Win32:Malware-gen
20:40:15.747 File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
20:40:16.107 AVAST engine scan C:\Windows\system32\drivers
20:40:24.447 AVAST engine scan C:\Users\David
20:40:41.565 File: C:\Users\David\AppData\Local\cf29e349\U\80000000.@ **INFECTED** Win32:Malware-gen
20:40:41.603 File: C:\Users\David\AppData\Local\cf29e349\U\800000cb.@ **INFECTED** Win32:Malware-gen
20:40:41.637 File: C:\Users\David\AppData\Local\cf29e349\U\800000cf.@ **INFECTED** Win32:Malware-gen
20:40:41.673 File: C:\Users\David\AppData\Local\cf29e349\X **INFECTED** Win32:Sirefef-IX [Trj]
20:41:48.175 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
20:41:48.184 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

If I did something wrong, or if you guys need some more information to help me out, please just ask; I would be grateful for any help.

Once again, thank you.
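Added example, not code from this thread or from the aswMBR tool: a small Python triage helper that parses the **INFECTED** / **SUSPICIOUS** lines of an aswMBR log like the one posted above and groups the findings by verdict, detection family and containing directory. The sample lines are copied from the posted log; the line layout encoded in the regular expression is my reading of that output, not a documented format.

```python
import re
import ntpath
from collections import Counter

# Sample input: lines copied from the aswMBR log posted in this thread,
# plus one non-finding line to show that it is ignored.
SAMPLE_LOG = r"""
20:38:03.554 Service lvpopflt C:\Windows\system32\lbrtfdc.dll **INFECTED** Win64:Sirefef-E [Trj]
20:38:20.352 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
20:39:26.535 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:40:15.427 File: C:\Windows\assembly\tmp\loader.tlb **SUSPICIOUS**
20:40:15.653 File: C:\Windows\assembly\tmp\U\800000c0.@ **INFECTED** Win32:Sirefef-PL [Rtk]
20:40:41.673 File: C:\Users\David\AppData\Local\cf29e349\X **INFECTED** Win32:Sirefef-IX [Trj]
20:41:48.175 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
"""

# Assumed line layout (my reading of the log above, not a documented format):
#   <time> File: <path> **VERDICT** [<engine>:<family>-<variant> [<class>]]
#   <time> Service <name> <path> **VERDICT** ...
FINDING_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?:File: |Service (?P<service>\S+) )"
    r"(?P<path>.+?) \*\*(?P<verdict>INFECTED|SUSPICIOUS)\*\*"
    r"(?: (?P<detection>\S+) \[(?P<category>\w+)\])?$"
)


def parse_findings(text):
    """Return one dict per INFECTED/SUSPICIOUS line; other lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def family_of(detection):
    """'Win32:Sirefef-PL' -> 'Sirefef'; 'Win32:Malware-gen' -> 'Malware'."""
    return detection.split(":", 1)[-1].split("-", 1)[0]


def summarize(findings):
    """Group findings by verdict, malware family and containing directory."""
    verdicts = Counter(f["verdict"] for f in findings)
    families = Counter(family_of(f["detection"]) for f in findings if f["detection"])
    dirs = Counter(ntpath.dirname(f["path"]) for f in findings)
    return {"verdicts": dict(verdicts), "families": dict(families), "dirs": dict(dirs)}


if __name__ == "__main__":
    for key, counts in summarize(parse_findings(SAMPLE_LOG)).items():
        print(key, dict(sorted(counts.items(), key=lambda kv: -kv[1])))
```

Directories that collect several hits (here C:\Windows\system32 and the two \U\ folders) are the ones worth pulling first when the full log, rather than this sample, is fed in.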

#5 cryptodan


Posted 27 March 2012 - 02:56 PM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic, and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly, please be patient till you get a reply to your topic.



