
pongboy

Honorary Members
  • Posts: 35
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. Kevin, everything looks good. Sorry I didn't reply earlier, but I wanted to see it run because it has been a while. I do appreciate your help and persistence with this one. I now see how little I know about virus/malware removal and, more importantly, the log analysis. I like doing this kind of stuff. Unfortunately, I have a friend whose two daughters keep me very busy. They go surfing and clicking and I go cleaning. They have given me a lot of experience over the past several years. I am the neighborhood geek too, so I see a lot of slow computers that come back to life with just the basics. But after this experience, I now know I need to learn a lot more. Do the files that were uploaded need to be dealt with? I have used 3.06 MB of my 20 MB global upload quota. I have an offline question if that is permissible. If not, no worries. Thanks
  2. Here is the Combofix log. I then ran ESET and it found 3 threats and successfully removed them. - probably a variant of Win32/Adware.Softomate.AD application
  3. The program ran and finished. I glanced through the log and accidentally closed it before I could save it. However, before I closed it I did see that the sistemanet registry entry was successfully deleted. Then I rebooted the computer and logged in like usual. I checked the registry through regedit and confirmed that the key was deleted. It "feels" much better. I have been around enough sick ones to be able to tell something is not quite right just by clicking around a bit, checking standard settings and things like that. It's snappy; the windows pop right up. So, at the end you asked me to post a new OTL log. Did you mean the one I accidentally closed, or am I going to run it again? Is it too early to say how good it feels to take another virus out of commission?
  4. Here is the log. I just realized that when I booted up with the cd that there was no internet connection. OTL.txt
  5. It did not ask me if I wished to load the remote registry. It didn't ask for the location of the Windows folder. Is that OK? I have not run it yet; I will wait until I hear from you.
  6. Came up clean. When using the Kaspersky registry editor, it does not show the HKCU hive. If I am in any other user, the sistemanet key is not present. It only shows when I am logged in as the LMAdmin username, in normal Windows or in safe mode. There is a backup account and an administrator account. This does not show up there. I think we have done everything we can try, plus a few things. I am ready to wipe the hard drive and reinstall everything unless you have something else.
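Added example, not part of this thread or any tool the posters used: the behaviour described above (the key is visible only while logged in as LMAdmin, and an offline registry editor shows no HKCU at all) follows from HKCU being nothing more than a view of HKEY_USERS\<SID> for whichever account is interactive. A per-user key therefore lives in that account's NTUSER.DAT, and the way to find it from any account is to walk every user hive rather than HKCU. The script below does that: it checks the hives already loaded under HKEY_USERS, then temporarily loads the NTUSER.DAT of every profile that is not logged on. Assumptions: it runs elevated on PowerShell 2.0 or later (not installed by default on the XP machine in this thread), the key name `Software\sistemanet` is taken from the thread, and the `TMP_` temporary hive prefix is an arbitrary choice of this example.

```powershell
# Added example (not from the thread). Find a per-user registry key in every
# user profile on the machine, whether or not that user is logged on.
# Run from an elevated PowerShell prompt.

$KeyRelPath = 'Software\sistemanet'    # key name taken from the thread
$hits = @()

# 1. Hives already mounted under HKEY_USERS (logged-on users, service SIDs).
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
    $sid = $hive.PSChildName
    if ($sid -like '*_Classes') { continue }          # per-user Classes hive, not a profile
    $full = "Registry::HKEY_USERS\$sid\$KeyRelPath"
    if (Test-Path -LiteralPath $full) {
        $account = try {
            (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch { '(unresolved SID)' }
        $hits += [pscustomobject]@{ Sid = $sid; Account = $account; Key = $full; Loaded = $true }
    }
}

# 2. Profiles that are not logged on: load each NTUSER.DAT under a temporary
#    name, test for the key, then unload so the file is left unlocked.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
foreach ($entry in Get-ChildItem -Path $profileList) {
    $sid = $entry.PSChildName
    if (Test-Path -LiteralPath "Registry::HKEY_USERS\$sid") { continue }   # handled in step 1
    $rawPath = (Get-ItemProperty -LiteralPath $entry.PSPath).ProfileImagePath
    $profilePath = [Environment]::ExpandEnvironmentVariables($rawPath)
    $ntuser = Join-Path $profilePath 'NTUSER.DAT'
    if (-not (Test-Path -LiteralPath $ntuser)) { continue }

    $tempName = "TMP_$sid"                            # arbitrary temporary hive name (assumption)
    & reg.exe load "HKU\$tempName" $ntuser | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "could not load $ntuser"; continue }
    try {
        $full = "Registry::HKEY_USERS\$tempName\$KeyRelPath"
        if (Test-Path -LiteralPath $full) {
            $hits += [pscustomobject]@{ Sid = $sid; Account = $profilePath; Key = $full; Loaded = $false }
        }
    } finally {
        [gc]::Collect()                               # drop provider handles before unloading
        & reg.exe unload "HKU\$tempName" | Out-Null
    }
}

if ($hits.Count -eq 0) { 'key not found in any user hive' } else { $hits | Format-Table -AutoSize }
```

Rows with `Loaded = $false` point at a temporary hive that has already been unloaded again, so they tell you which profile's NTUSER.DAT to load (or which account to log in as) before removing the key; deleting through `HKCU` only ever affects the account you are currently logged in as, which is exactly why the other accounts looked clean.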
  7. GMER 1.0.15.15641 - http://www.gmer.net
     Rootkit scan 2012-12-03 20:41:12
     Windows 5.1.2600 Service Pack 3
     Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b SAMSUNG_SP1604N/R rev.TM100-24
     Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kxldapob.sys

     ---- User code sections - GMER 1.0.15 ----

     .text C:\WINDOWS\system32\SearchIndexer.exe[1756] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

     ---- Devices - GMER 1.0.15 ----

     Device \Driver\ubohci \Device\UBOHCI0 UB1394.SYS (FireAPI® 1394 Class Driver (XP)/Unibrain S.A.)
     Device \Driver\ubohci \Device\C1394 UB1394.SYS (FireAPI® 1394 Class Driver (XP)/Unibrain S.A.)
     AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

     ---- EOF - GMER 1.0.15 ----
  8. OK, I found out what the line thing is. There is an editing toolbar that has Bold, Italics, Underline and Strike Through (an S with a line going through it). Somehow, when I get ready to reply, it turns on. My mouse isn't near it, so I'm not sure how I am doing it, but it started on this reply and I looked around the screen. Anyway, I ran a quick scan with Windows Defender Offline and it came up clean. I am now running a Full Scan, so that will probably take an hour or three. So I am going to call it a day. It has been a long one. I will update you with those results when the scan is finished running.
  9. Nothing available before yesterday for some reason. I've dealt with some bad ones before but have always been able to figure them out.
  10. Came up clean also. Here is the registry key in a zip. abc.zip
  11. Here is the registry key:

      Windows Registry Editor Version 5.00

      [HKEY_CURRENT_USER\software\sistemanet]
  12. This copy/paste didn't come through right. It didn't find anything.
  13. One item to note: there is another file called ntdll(2)(2).dll in system32.

      Antivirus              Result   Update
      Agnitum                -        20121202
      AhnLab-V3              -        20121202
      AntiVir                -        20121202
      Antiy-AVL              -        20121202
      Avast                  -        20121202
      AVG                    -        20121202
      BitDefender            -        20121202
      ByteHero               -        20121130
      CAT-QuickHeal          -        20121201
      ClamAV                 -        20121202
      Commtouch              -        20121202
      Comodo                 -        20121202
      DrWeb                  -        20121202
      Emsisoft               -        20121202
      eSafe                  -        20121202
      ESET-NOD32             -        20121202
      F-Prot                 -        20121202
      F-Secure               -        20121202
      Fortinet               -        20121202
      GData                  -        20121202
      Ikarus                 -        20121202
      Jiangmin               -        20121202
      K7AntiVirus            -        20121130
      Kaspersky              -        20121202
      Kingsoft               -        20121119
      Malwarebytes           -        20121202
      McAfee                 -        20121202
      McAfee-GW-Edition      -        20121202
      Microsoft              -        20121202
      MicroWorld-eScan       -        20121202
      NANO-Antivirus         -        20121202
      Norman                 -        20121202
      nProtect               -        20121202
      Panda                  -        20121202
      PCTools                -        20121202
      Rising                 -        20121130
      Sophos                 -        20121202
      SUPERAntiSpyware       -        20121202
      Symantec               -        20121202
      TheHacker              -        20121202
      TotalDefense           -        20121202
      TrendMicro             -        20121202
      TrendMicro-HouseCall   -        20121202
      VBA32                  -        20121130
      VIPRE                  -        20121202
      ViRobot                -        20121202