Hi,
Had some trouble with my laptop: IE was hijacked and fake anti-virus software was installed, plus other evil software. Microsoft Security Essentials gives a clean bill of health. I have gone through the 8 steps; the logs are attached.
Malwarebytes Anti-Malware log
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4024
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
23/04/2010 02:56:36
mbam-log-2010-04-23 (02-56-36).txt
Scan type: Quick scan
Objects scanned: 114429
Time elapsed: 5 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.
GMER log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 07:37:34
Windows 5.1.2600 Service Pack 3
Running: w6eme5zk.exe; Driver: C:\DOCUME~1\Brian\LOCALS~1\Temp\pfloqpow.sys
---- Kernel code sections - GMER 1.0.15 ----
? dxdipsrq.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[4640] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\BTHUSB \Device\000000a4 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a6 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 97F00D20
Device 97EFD7B4
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60b8a9
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60b8a9@0023453465b0 0x4B 0xDA 0x3E 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60b8a9@00247ccd6922 0x85 0x2C 0x4C 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60b8a9@00247ce74068 0xB9 0x88 0x2A 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd60b8a9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd60b8a9@0023453465b0 0x4B 0xDA 0x3E 0xDB ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd60b8a9@00247ccd6922 0x85 0x2C 0x4C 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd60b8a9@00247ce74068 0xB9 0x88 0x2A 0x24 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6089530B-B819-11B3-37CA-9C4BEB185E28}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6089530B-B819-11B3-37CA-9C4BEB185E28}@pafdbebfnjoeibcfbaopbnimbgkmamhj 0x69 0x61 0x65 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6089530B-B819-11B3-37CA-9C4BEB185E28}@oapfdjhcmekiigjabmcefeiadfhioe 0x69 0x61 0x65 0x64 ...
---- EOF - GMER 1.0.15 ----
Both DDS logs, DDS.txt and Attach.txt, are attached because of their size.
Thank you for your time looking at this
Brian