Jump to content

Recommended Posts

Two times now I have been hit with AntivirusSuite and after running Malwarebytes it finds and removes the problems. The problem that I have is that the user account no longer can access the internet but can access local resources on the network but the admin account on the machine works fine. I've tried searching this site and others for help but I am stumped. I've used MMC to try and look for services and items that might have been changed but no luck. This has happened the same way to me twice on 2 different machines :)

Link to post
Share on other sites

Hi,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

--

Download GMER here by clicking download exe -button and then saving it your desktop:

  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck files option and then click scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

Link to post
Share on other sites

Hi,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

--

Download GMER here by clicking download exe -button and then saving it your desktop:

  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck files option and then click scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

HERE IS THE GMER

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-05 13:34:28

Windows 5.1.2600 Service Pack 3

Running: bsp5yg51.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdapog.sys

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\SMINST\Scheduler.exe[344] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 004170D0 C:\WINDOWS\SMINST\Scheduler.exe

.text C:\WINDOWS\SMINST\Scheduler.exe[344] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 00417140 C:\WINDOWS\SMINST\Scheduler.exe

.text C:\WINDOWS\SMINST\Scheduler.exe[344] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 00416FC0 C:\WINDOWS\SMINST\Scheduler.exe

.text C:\WINDOWS\SMINST\Scheduler.exe[344] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 00416F10 C:\WINDOWS\SMINST\Scheduler.exe

.text C:\WINDOWS\SMINST\Scheduler.exe[344] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 00417090 C:\WINDOWS\SMINST\Scheduler.exe

.text C:\WINDOWS\SMINST\Scheduler.exe[344] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 00416F50 C:\WINDOWS\SMINST\Scheduler.exe

.text C:\WINDOWS\SMINST\Scheduler.exe[344] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 00417000 C:\WINDOWS\SMINST\Scheduler.exe

.text C:\WINDOWS\SMINST\Scheduler.exe[344] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 00416F80 C:\WINDOWS\SMINST\Scheduler.exe

.text C:\WINDOWS\SMINST\Scheduler.exe[344] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 00417040 C:\WINDOWS\SMINST\Scheduler.exe

.text C:\WINDOWS\SMINST\Scheduler.exe[344] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 00416ED0 C:\WINDOWS\SMINST\Scheduler.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----

DDS.txt

Attach.txt

I hope this is what you are looking for

Thanks

Rastro

Link to post
Share on other sites

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Link to post
Share on other sites

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Thank you for your help here is the combofix log attached please let me know if I need to do anything else

Thank you in advance

Rastro

combofixlog.txt

Link to post
Share on other sites

Yes, but those were taken under administrator account which you said did work properly. I asked:

Could you also run DDS on the account which has the mentioned problems and post back the logs?
Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.