Help site wants $84 from me

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    It doesn't sound as though it's been removed fully?

    Post the malwarebytes log then do this - It should take only 2-3 minutes.

    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:

    • Double click DDS to run it.
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
  • Mrs_pbradley936
    Mrs_pbradley936 Posts: 14,573 Forumite
    edited 24 September 2012 at 7:05PM
    waddler_8 wrote: »
    It doesn't sound as though it's been removed fully?

    Post the malwarebytes log then do this - It should take only 2-3 minutes.

    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:

    • Double click DDS to run it.
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)


    I think I am OK because I dragged it to the bin and emptied it and everything is working OK. I re-ran the RKill and it found nothing.

    I am running the Malwarebytes again and will let you know what it finds. If it says nothing wrong will I be OK?
  • GunJack
    GunJack Posts: 11,930 Forumite
    probably, but I'd still run DDS and post the log....there may be hangovers/other bits in there which may need dealing with :)
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • OK well Malwarebytes has found nothing - it found 2 the first time I ran a quick scan and 13 when I ran it in safe mode following the above instructions. Should I delete all of the nasties? They are in the quarantine section, loads and loads because I just checked the settings and as well as running in protection mode as soon as Windows starts it scans every day at 11 am.

    I have never checked any of that until now!
  • GunJack
    GunJack Posts: 11,930 Forumite
    If there's loads it quite probably points to a more deeply-infected system, post all the logs which show detections for further advice...Waddler especially will be keen to see the DDS log....
  • This is today's but I have them for years!!

    2012/09/24 15:32:59 +0100 NEWDELL Susan MESSAGE Starting IP protection
    2012/09/24 15:33:09 +0100 NEWDELL Susan MESSAGE IP Protection started successfully
    2012/09/24 16:13:19 +0100 NEWDELL Susan IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 50239, Process: ffgvub.exe)
    2012/09/24 16:13:20 +0100 NEWDELL Susan IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 50240, Process: ffgvub.exe)
    2012/09/24 16:14:24 +0100 NEWDELL Susan IP-BLOCK 193.169.86.61 (Type: outgoing, Port: 50330, Process: ffgvub.exe)
    2012/09/24 16:14:24 +0100 NEWDELL Susan IP-BLOCK 94.102.51.153 (Type: outgoing, Port: 50331, Process: ffgvub.exe)
    2012/09/24 16:14:24 +0100 NEWDELL Susan IP-BLOCK 93.174.88.225 (Type: outgoing, Port: 50336, Process: ffgvub.exe)
    2012/09/24 16:14:24 +0100 NEWDELL Susan IP-BLOCK 94.102.51.153 (Type: outgoing, Port: 50337, Process: ffgvub.exe)
    2012/09/24 16:14:24 +0100 NEWDELL Susan IP-BLOCK 93.174.88.225 (Type: outgoing, Port: 50338, Process: ffgvub.exe)
    2012/09/24 16:14:24 +0100 NEWDELL Susan IP-BLOCK 193.169.86.61 (Type: outgoing, Port: 50339, Process: ffgvub.exe)
    2012/09/24 16:24:59 +0100 NEWDELL Susan IP-BLOCK 94.102.51.154 (Type: outgoing, Port: 50478, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:24:59 +0100 NEWDELL Susan IP-BLOCK 91.228.111.38 (Type: outgoing, Port: 50479, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:24:59 +0100 NEWDELL Susan IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 50480, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:24:59 +0100 NEWDELL Susan IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 50481, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:24:59 +0100 NEWDELL Susan IP-BLOCK 80.82.79.86 (Type: outgoing, Port: 50482, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:24:59 +0100 NEWDELL Susan IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 50484, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:24:59 +0100 NEWDELL Susan IP-BLOCK 80.82.79.86 (Type: outgoing, Port: 50485, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:24:59 +0100 NEWDELL Susan IP-BLOCK 91.228.111.38 (Type: outgoing, Port: 50486, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:24:59 +0100 NEWDELL Susan IP-BLOCK 80.82.79.86 (Type: outgoing, Port: 50487, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:32:50 +0100 NEWDELL Susan MESSAGE Starting protection
    2012/09/24 16:32:50 +0100 NEWDELL Susan MESSAGE Protection started successfully
    2012/09/24 16:32:50 +0100 NEWDELL Susan MESSAGE Starting IP protection
    2012/09/24 16:32:57 +0100 NEWDELL Susan MESSAGE IP Protection started successfully
    2012/09/24 16:46:57 +0100 NEWDELL (null) IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 49189, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:46:58 +0100 NEWDELL (null) IP-BLOCK 94.102.51.154 (Type: outgoing, Port: 49190, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:46:58 +0100 NEWDELL (null) IP-BLOCK 91.228.111.38 (Type: outgoing, Port: 49191, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:46:58 +0100 NEWDELL (null) IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 49192, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:46:58 +0100 NEWDELL (null) IP-BLOCK 80.82.79.86 (Type: outgoing, Port: 49193, Process: tbrinnxs8rvve7.exe)
    2012/09/24 16:51:11 +0100 NEWDELL Susan MESSAGE Starting protection
    2012/09/24 16:51:11 +0100 NEWDELL Susan MESSAGE Protection started successfully
    2012/09/24 16:51:11 +0100 NEWDELL Susan MESSAGE Starting IP protection
    2012/09/24 16:51:16 +0100 NEWDELL Susan MESSAGE IP Protection started successfully
    2012/09/24 16:52:04 +0100 NEWDELL Susan MESSAGE Starting database refresh
    2012/09/24 16:52:04 +0100 NEWDELL Susan MESSAGE Stopping IP protection
    2012/09/24 16:52:04 +0100 NEWDELL Susan MESSAGE IP Protection stopped successfully
    2012/09/24 16:52:12 +0100 NEWDELL Susan MESSAGE Database refreshed successfully
    2012/09/24 16:52:12 +0100 NEWDELL Susan MESSAGE Starting IP protection
    2012/09/24 16:52:18 +0100 NEWDELL Susan MESSAGE IP Protection started successfully
    2012/09/24 17:39:01 +0100 NEWDELL Susan IP-BLOCK 94.102.51.154 (Type: outgoing, Port: 49188, Process: tbrinnxs8rvve7.exe)
    2012/09/24 17:39:01 +0100 NEWDELL Susan IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 49189, Process: tbrinnxs8rvve7.exe)
    2012/09/24 17:39:01 +0100 NEWDELL Susan IP-BLOCK 93.174.88.225 (Type: outgoing, Port: 49181, Process: rmarwgtdjhvyrkh.exe)
    2012/09/24 17:39:01 +0100 NEWDELL Susan IP-BLOCK 94.102.51.153 (Type: outgoing, Port: 49182, Process: rmarwgtdjhvyrkh.exe)
    2012/09/24 17:39:01 +0100 NEWDELL Susan IP-BLOCK 193.169.86.61 (Type: outgoing, Port: 49193, Process: rmarwgtdjhvyrkh.exe)
    2012/09/24 19:06:38 +0100 NEWDELL Susan MESSAGE Starting protection
    2012/09/24 19:06:38 +0100 NEWDELL Susan MESSAGE Protection started successfully
    2012/09/24 19:06:38 +0100 NEWDELL Susan MESSAGE Starting IP protection
    2012/09/24 19:06:43 +0100 NEWDELL Susan MESSAGE IP Protection started successfully
    2012/09/24 19:47:52 +0100 NEWDELL Susan IP-BLOCK 94.102.51.154 (Type: outgoing, Port: 49211, Process: tbrinnxs8rvve7.exe)
    2012/09/24 19:52:52 +0100 NEWDELL Susan IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 49212, Process: tbrinnxs8rvve7.exe)
    2012/09/24 19:57:53 +0100 NEWDELL Susan IP-BLOCK 91.228.111.38 (Type: outgoing, Port: 49213, Process: tbrinnxs8rvve7.exe)
    2012/09/24 20:02:54 +0100 NEWDELL Susan IP-BLOCK 80.82.79.86 (Type: outgoing, Port: 49214, Process: tbrinnxs8rvve7.exe)
    2012/09/24 20:06:33 +0100 NEWDELL Susan MESSAGE Starting database refresh
    2012/09/24 20:06:33 +0100 NEWDELL Susan MESSAGE Stopping IP protection
    2012/09/24 20:07:56 +0100 NEWDELL Susan MESSAGE IP Protection stopped successfully
    2012/09/24 20:08:17 +0100 NEWDELL Susan MESSAGE Database refreshed successfully
    2012/09/24 20:08:17 +0100 NEWDELL Susan MESSAGE Starting IP protection
    2012/09/24 20:08:23 +0100 NEWDELL Susan MESSAGE IP Protection started successfully
  • GunJack
    GunJack Posts: 11,930 Forumite
    I meant the scan log reports....
  • DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Susan at 20:59:39 on 2012-09-24
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.625 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Windows\system32\lxdicoms.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\explorer.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://uk.my.yahoo.com/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uInternet Settings,ProxyOverride = *.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERANTISPYWARE.EXE
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Facebook Update] "c:\users\susan\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [rmARWGtDjHvYrkh.exe] c:\programdata\rmARWGtDjHvYrkh.exe
    uRun: [tBrinNXS8RVvE7] c:\programdata\tBrinNXS8RVvE7.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{0BB51C71-E1ED-45FB-BAF9-4A95C7B9E7DF} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8C9456D4-76D1-42D9-B7C1-90F9D624107C} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{CEB374D5-9F88-4791-88B0-4F5C8012B4FA} : DhcpNameServer = 192.168.42.129
    Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
    R1 MpKslf7eef268;MpKslf7eef268;c:\programdata\microsoft\microsoft antimalware\definition updates\{b378638c-63e4-45cb-972f-f07368f786eb}\MpKslf7eef268.sys [2012-9-24 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-2 116608]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_2ba5baa4\AEstSrv.exe [2008-10-6 73728]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-14 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-8 676936]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-22 1153368]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-6-12 54784]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-24 203264]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-8 22856]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-24 40776]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-14 136176]
    S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-4-26 99248]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250568]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-16 80824]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-23 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-14 136176]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-09-24 19:49:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-09-24 18:50:54 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b378638c-63e4-45cb-972f-f07368f786eb}\MpKslf7eef268.sys
    2012-09-24 16:58:24 -------- d-----w- c:\users\susan\appdata\local\Vid-Saver
    2012-09-24 16:58:23 -------- d-----w- c:\program files\Vid-Saver
    2012-09-24 15:50:11 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b378638c-63e4-45cb-972f-f07368f786eb}\offreg.dll
    2012-09-24 15:24:24 252416 ----a-w- c:\programdata\tBrinNXS8RVvE7.exe
    2012-09-24 15:13:13 338432 ----a-w- c:\programdata\rmARWGtDjHvYrkh.exe
    2012-09-24 14:49:54 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b378638c-63e4-45cb-972f-f07368f786eb}\mpengine.dll
    2012-09-23 13:29:33 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-09-04 10:13:02 -------- d-----w- C:\Malwarebytes
    2012-09-02 14:47:14 8282192 ----a-w- c:\programdata\microsoft\bingbar\bbsvc\7.1.391.0oemBingBarSetup-Partner.EXE
    2012-08-27 10:05:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-08-27 10:05:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-08-27 10:05:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-08-27 10:05:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-08-27 10:05:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-08-27 10:05:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-08-27 10:05:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2012-09-07 16:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-03 12:51:02 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-03 12:51:02 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 21:01:29.50 ===============
  • I have to sign off now but many thanks for all your help. If I have not pasted what you wanted I am sorry but this is all new to me.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    I have to sign off now but many thanks for all your help. If I have not pasted what you wanted I am sorry but this is all new to me.
    The DDS log shows signs of infection. Coupled with the protection log it shows processes that are attempting to contact (amongst others) known Russian Business Network IPs (Blocked by mbam's IP protection).
    uRun: [tBrinNXS8RVvE7] c:\programdata\tBrinNXS8RVvE7.exe
    2012/09/24 19:52:52 +0100 NEWDELL Susan IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 49212, Process: tbrinnxs8rvve7.exe)
    http://urlquery.net/report.php?id=150435

    And also:
    2012-09-24 16:58:24 -------- d-----w- c:\users\susan\appdata\local\Vid-Saver
    2012-09-24 16:58:23 -------- d-----w- c:\program files\Vid-Saver
    http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/Vid-Saver.aspx
This discussion has been closed.
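
The correlation described in the last reply (process names in the Malwarebytes IP-protection log matched against the Run entries in the DDS log), as an added example that is not part of the original thread. The log excerpts are copied from the posts above; the function names and the output layout are illustrative assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any OS

# Excerpts from the two logs posted in the thread (not the full logs).
PROTECTION_LOG = """\
2012/09/24 15:33:09 +0100 NEWDELL Susan MESSAGE IP Protection started successfully
2012/09/24 16:13:19 +0100 NEWDELL Susan IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 50239, Process: ffgvub.exe)
2012/09/24 16:14:24 +0100 NEWDELL Susan IP-BLOCK 193.169.86.61 (Type: outgoing, Port: 50330, Process: ffgvub.exe)
2012/09/24 16:46:57 +0100 NEWDELL (null) IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 49189, Process: tbrinnxs8rvve7.exe)
2012/09/24 16:46:58 +0100 NEWDELL (null) IP-BLOCK 94.102.51.154 (Type: outgoing, Port: 49190, Process: tbrinnxs8rvve7.exe)
2012/09/24 17:39:01 +0100 NEWDELL Susan IP-BLOCK 93.174.88.225 (Type: outgoing, Port: 49181, Process: rmarwgtdjhvyrkh.exe)
2012/09/24 19:52:52 +0100 NEWDELL Susan IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 49212, Process: tbrinnxs8rvve7.exe)
"""

DDS_LOG = r'''
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [rmARWGtDjHvYrkh.exe] c:\programdata\rmARWGtDjHvYrkh.exe
uRun: [tBrinNXS8RVvE7] c:\programdata\tBrinNXS8RVvE7.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
'''

# The user field can be a name or the literal "(null)" (blocks logged before logon).
BLOCK_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ (?P<host>\S+) (?P<user>.+?) IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)
# DDS prefixes: uRun = per-user Run key (HKCU), mRun = machine Run key (HKLM).
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Image path up to the first ".exe", with or without surrounding quotes.
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)


def parse_blocks(text):
    """Group IP-BLOCK events by lower-cased process image name."""
    blocks = defaultdict(lambda: {"count": 0, "ips": set(), "seen": []})
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:  # MESSAGE lines and anything unparseable are skipped
            rec = blocks[m["proc"].lower()]
            rec["count"] += 1
            rec["ips"].add(m["ip"])
            rec["seen"].append(m["ts"])
    return blocks


def parse_autoruns(text):
    """Map lower-cased image name -> [(hive, value name, image path)]."""
    runs = defaultdict(list)
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        image = IMAGE_RE.match(m["cmd"]) if m else None
        if image:
            hive = "HKCU" if m["hive"] == "u" else "HKLM"
            key = basename(image["path"]).lower()
            runs[key].append((hive, m["name"], image["path"]))
    return runs


def correlate(protection_log, dds_log):
    """One row per blocked process, with any Run entry that launches it."""
    blocks, runs = parse_blocks(protection_log), parse_autoruns(dds_log)
    rows = [
        {
            "process": proc,
            "blocks": rec["count"],
            "ips": sorted(rec["ips"]),
            "first_seen": min(rec["seen"]),
            "last_seen": max(rec["seen"]),
            # Empty list: the process made blocked connections but has no Run
            # entry in this DDS log, so it started some other way or was removed.
            "autoruns": runs.get(proc, []),
        }
        for proc, rec in blocks.items()
    ]
    return sorted(rows, key=lambda r: (-r["blocks"], r["process"]))


if __name__ == "__main__":
    for row in correlate(PROTECTION_LOG, DDS_LOG):
        state = "persists via Run key" if row["autoruns"] else "no Run entry found"
        print(f'{row["process"]:22} {row["blocks"]} blocks, {state}')
        for hive, name, path in row["autoruns"]:
            print(f"    {hive} Run [{name}] -> {path}")
```

On these excerpts, `tbrinnxs8rvve7.exe` and `rmarwgtdjhvyrkh.exe` both map to per-user Run entries under `c:\programdata`, while `ffgvub.exe` has blocked connections but no Run entry in the DDS excerpt.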