Philmin
Posts posted by Philmin
-
1st log
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.12.01.07
Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
SusieM :: SUSIEM-PC [administrator]
12/1/2012 12:08:38 PM
mbar-log-2012-12-01 (12-08-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 29761
Time elapsed: 11 minute(s), 33 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\Users\SusieM\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Delete on reboot. [2b48a518f56864d294ebe2fa08f841bf]
C:\Users\SusieM\Local Settings\Temp\msimg32.dll (RootKit.0Access) -> Delete on reboot. [b9ba6d508cd1d75fb5ca03d942bed828]
C:\Users\SusieM\Local Settings\Application Data\Temp\msimg32.dll (RootKit.0Access) -> Delete on reboot. [e58ec9f4b2ab4de9b8c7528a0af6c937]
C:\Users\SusieM\Local Settings\Temporary Internet Files\Content.IE5\VAXFSBM9\load_53[1].exe (RootKit.0Access) -> Delete on reboot. [3c370bb2dd8045f1770836a617e9619f]
C:\Users\SusieM\Local Settings\Application Data\Temporary Internet Files\Content.IE5\VAXFSBM9\load_53[1].exe (RootKit.0Access) -> Delete on reboot. [bcb7308df469f44289f6c616da268878]
C:\Users\SusieM\AppData\Local\Temporary Internet Files\Content.IE5\VAXFSBM9\load_53[1].exe (RootKit.0Access) -> Delete on reboot. [5f14ad10fc613ef8403f94487c842ed2]
(end)
2nd log rescan
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.12.01.07
Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
SusieM :: SUSIEM-PC [administrator]
12/1/2012 12:26:02 PM
mbar-log-2012-12-01 (12-26-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 29733
Time elapsed: 11 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Maniac,
Could only run the scans in SAFE MODE. After the removal of the infected files, I rebooted. The computer still runs slow. Same services not operational. What is next? Thanks,
Phil
-
I am willing to try the repair. If all else fails I have the recovery disk to reload. What can I do first? Thanks for help!
Phil
-
Yes, I have the pro version. Can you advise from looking at my previous post with the RogueKiller report?
Phil
-
Maniac,
I am a paid member using Malwarebytes on my computer. My wife is using McAfee supplied by the local cable company. What do you mean by being a paid member?
-
I got RogueKiller to run. Here is the report:
RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User : SusieM [Admin rights]
Mode : Scan -- Date : 11/25/2012 18:40:37
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] HelpPane.exe -- C:\Windows\HelpPane.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5588a7e3380694430a56e77d3d1b42bf
[BSP] 8369f79d6a8806abc521b080ee75eb65 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229555 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 473202688 | Size: 7419 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11252012_02d1840.txt >>
RKreport[1]_S_11252012_02d1840.txt
Any help appreciated,
Phil
-
My wife clicked on an attachment for an iTunes card, just fill out the survey for HULU. It appears services were lost: DHCP, Malwarebytes, wireless networks, etc. Also slow and sluggish. In safe mode I was able to scan using a very old definition file in the Malwarebytes program. Seems I have "Exploit.Drop". Saw a thread for Exploit.drop.9. It was not very clear to me how to do this removal for a Vista Home Premium system. No network access at this time. Thumb drives not recognized. Any help appreciated! Very close to using the recovery disks and starting over. I have a backup of my docs. Thanks,
Phil
exploit.drop removal problem
in Resolved Malware Removal Logs
Maniac,
The infected laptop was never physically wired to a network. It was on my wireless network at home. When the laptop became infected, the wireless function stopped working as well as some other services. I have been using my desktop to communicate with you and download the programs from Malwarebytes and transfer them to a USB drive. I will use the recovery disks for the Toshiba laptop and reinstall the OS. Thanks for your help and advice.
Phil