Philmin

  1. Maniac, The infected laptop was never physically wired to a network. It was on my wireless network at home. When the laptop became infected, the wireless function stopped working, as well as some other services. I have been using my desktop to communicate with you and to download the Malwarebytes programs and transfer them to a USB drive. I will use the recovery disks for the Toshiba laptop and reinstall the OS. Thanks for your help and advice. Phil
  2. 1st log

     Malwarebytes Anti-Rootkit 1.1.0.1009
     www.malwarebytes.org

     Database version: v2012.12.01.07

     Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
     Internet Explorer 9.0.8112.16421
     SusieM :: SUSIEM-PC [administrator]

     12/1/2012 12:08:38 PM
     mbar-log-2012-12-01 (12-08-38).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled: PUP | PUM | P2P
     Objects scanned: 29761
     Time elapsed: 11 minute(s), 33 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 6
     C:\Users\SusieM\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Delete on reboot. [2b48a518f56864d294ebe2fa08f841bf]
     C:\Users\SusieM\Local Settings\Temp\msimg32.dll (RootKit.0Access) -> Delete on reboot. [b9ba6d508cd1d75fb5ca03d942bed828]
     C:\Users\SusieM\Local Settings\Application Data\Temp\msimg32.dll (RootKit.0Access) -> Delete on reboot. [e58ec9f4b2ab4de9b8c7528a0af6c937]
     C:\Users\SusieM\Local Settings\Temporary Internet Files\Content.IE5\VAXFSBM9\load_53[1].exe (RootKit.0Access) -> Delete on reboot. [3c370bb2dd8045f1770836a617e9619f]
     C:\Users\SusieM\Local Settings\Application Data\Temporary Internet Files\Content.IE5\VAXFSBM9\load_53[1].exe (RootKit.0Access) -> Delete on reboot. [bcb7308df469f44289f6c616da268878]
     C:\Users\SusieM\AppData\Local\Temporary Internet Files\Content.IE5\VAXFSBM9\load_53[1].exe (RootKit.0Access) -> Delete on reboot. [5f14ad10fc613ef8403f94487c842ed2]

     (end)

     2nd log rescan

     Malwarebytes Anti-Rootkit 1.1.0.1009
     www.malwarebytes.org

     Database version: v2012.12.01.07

     Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
     Internet Explorer 9.0.8112.16421
     SusieM :: SUSIEM-PC [administrator]

     12/1/2012 12:26:02 PM
     mbar-log-2012-12-01 (12-26-02).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled: PUP | PUM | P2P
     Objects scanned: 29733
     Time elapsed: 11 minute(s), 25 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     Maniac, Could only run the scans in SAFE MODE. After the removal of the infected files, I rebooted. The computer still runs slow. Same services not operational. What is next? Thanks, Phil
  3. I am willing to try the repair. If all else fails I have the recovery disk to reload. What can I do first? Thanks for help! Phil
  4. Yes, I have the pro version. Can you advise from looking at my previous post with the RogueKiller report? Phil
  5. Maniac, I am a paid member using Malwarebytes on my computer. My wife is using McAfee supplied by the local cable company. What do you mean by being a paid member?
  6. I got RogueKiller to run. Here is the report:

     RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
     Started in : Safe mode
     User : SusieM [Admin rights]
     Mode : Scan -- Date : 11/25/2012 18:40:37

     ¤¤¤ Bad processes : 1 ¤¤¤
     [sUSP PATH] HelpPane.exe -- C:\Windows\HelpPane.exe -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ::1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: +++++
     --- User ---
     [MBR] 5588a7e3380694430a56e77d3d1b42bf
     [bSP] 8369f79d6a8806abc521b080ee75eb65 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229555 Mo
     2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 473202688 | Size: 7419 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_11252012_02d1840.txt >>
     RKreport[1]_S_11252012_02d1840.txt

     Any help appreciated, Phil
  7. My wife clicked on an attachment for an iTunes card, just fill out the survey for HULU. It appears services were lost: DHCP, Malwarebytes, wireless networks, etc. Also slow and sluggish. In Safe Mode I was able to scan using a Malwarebytes program with a very old definition file. Seems I have "Exploit.Drop". Saw a thread for Exploit.drop.9. It was not very clear to me how to do this removal for a Vista Home Premium system. No network access at this time. Thumb drives not recognized. Any help appreciated! Very close to using the recovery disks and starting over. I have a backup for my docs. Thanks, Phil