Brownthumbia is joining us from GardenWeb for some help with her computer.
http://ths.gardenweb.com/forums/load/comphelp/msg0710400412958.html?3093
Preliminary instructions:
Download DDS.scr by sUBs and save it to your desktop:
Link (http://download.bleepingcomputer.com/sUBs/dds.scr)
- Double-click dds.scr and a command window will appear. This is normal.
- Shortly afterwards, two logs will appear: DDS.txt & Attach.txt
- A window will open instructing you to save & post the logs
- Save the logs to a convenient place such as your desktop
- Copy the contents of both DDS.txt and Attach.txt logs and post as a reply to this thread.
Brownthumbia's MBAM Log from July 14:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.11.11
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
rolapete :: ROLAPETE-HP [administrator]
7/11/2012 6:20:57 PM
mbam-log-2012-07-11 (18-20-57).txt
Scan type: Full scan (C:\:)
Scan options enabled: Memory : Startup : Registry : File System : Heuristics/Extra : Heuristics/Shuriken : PUP : PUM
Scan options disabled: P2P
Objects scanned: 606943
Time elapsed: 1 hour(s), 27 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center:UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\rolapete\AppData\Local\Temp\i4b2408262764878063192.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Users\rolapete\AppData\Local\(1ffaadfd-f713-3d77-b823-dd61c5aa7ec3)\n (Rootkit.0Access) -> Delete on reboot.
C:\Windows\Installer\(1ffaadfd-f713-3d77-b823-dd61c5aa7ec3)\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\(1ffaadfd-f713-3d77-b823-dd61c5aa7ec3)\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.