Probable virus - Vista

  • We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • DDS.com
    • DDS.scr
    • DDS.pif
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click no to the Optional_Scan
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
  • Loopy_Girl
    Loopy_Girl Posts: 4,444 Forumite
    fiddiwebb wrote: »
    Just out of interest did the message from the forum come from the admin of that forum and did they say that when you visited last that they found that you had a virus and gave a link to an antivirus scan that you could use?

    Anything like this............

    http://forums.moneysavingexpert.com/showthread.html?t=2239089&highlight=email

    *sigh* Yes, that is the exact message and as it's a forum I use more or less daily I didn't think anything of it :(
  • Loopy_Girl
    Loopy_Girl Posts: 4,444 Forumite
    We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • DDS.com
    • DDS.scr
    • DDS.pif
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click no to the Optional_Scan
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

    Do you want me to do this as well as send you email as discussed or instead of?
  • Loopy_Girl
    Loopy_Girl Posts: 4,444 Forumite
    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Karen at 9:27:20.02 on 09/02/2010
    Internet Explorer: 8.0.6001.18882
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.446.77 [GMT 0:00]
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\dlcccoms.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\WINDOWS\System32\s3trayp.exe
    C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0D294I17\dds[1].scr
    C:\Windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [S3Trayp] S3trayp.exe
    mRun: [HDAudDeck] c:\program files\via\viaudioi\vistaadeck\HDAudioCPL.exe 1
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
    mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
    mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
    mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {F587063B-18CE-4BB1-84C3-2EA572135E17} = 208.67.222.222,208.67.220.220
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    AppInit_DLLs: avgrsstx.dll
    ============= SERVICES / DRIVERS ===============
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-13 333192]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-13 28424]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-13 360584]
    R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\VTGKModeDX32.sys [2007-3-7 815616]
    =============== Created Last 30 ================
    2010-02-08 23:27:11 0 d-----w- c:\program files\ESET
    2010-02-08 22:33:05 0 d-----w- c:\users\karen\appdata\roaming\Malwarebytes
    2010-02-08 22:32:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-08 22:32:51 0 d-----w- c:\programdata\Malwarebytes
    2010-02-08 22:32:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-08 22:32:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-13 07:49:14 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-13 07:49:13 72704 ----a-w- c:\windows\system32\fontsub.dll
    ==================== Find3M ====================
    2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-25 00:31:11 3788 ----a-w- c:\users\karen\appdata\roaming\wklnhst.dat
    2009-11-21 23:18:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-17 17:20:15 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-17 17:20:15 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-11-17 17:20:15 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-17 17:20:15 143360 ----a-w- c:\windows\inf\infstor.dat
    2008-05-24 15:01:43 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2007-11-14 16:30:43 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2009-10-28 23:16:23 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-10-15 17:01:38 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2007-11-29 16:28:46 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2007-11-29 16:28:46 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2007-11-29 16:28:46 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
    ============= FINISH: 9:30:43.73 ===============
  • fiddiwebb
    fiddiwebb Posts: 1,806 Forumite
    Loopy_Girl wrote: »
    *sigh* Yes, that is the exact message and as it's a forum I use more or less daily I didn't think anything of it :(

    Did you use the online scanner that the link suggested in the message you received and did you use the other link to sign in and view the original message?
  • Loopy_Girl
    Loopy_Girl Posts: 4,444 Forumite
    fiddiwebb wrote: »
    Did you use the online scanner that the link suggested in the message you received and did you use the other link to sign in and view the original message?


    I did follow the link in the message yes, and it came up with a box which was red and said the virus had been blocked. I then logged out

    To sign back in I just used my normal log in and password again - is that what you are meaning?
  • fiddiwebb
    fiddiwebb Posts: 1,806 Forumite
    edited 9 February 2010 at 10:14AM
    Loopy_Girl wrote: »
    I did follow the link in the message yes, and it came up with a box which was red and said the virus had been blocked. I then logged out

    To sign back in I just used my normal log in and password again - is that what you are meaning?

    If you signed in using the link that was given in the bogus forum message then you should change your passwords for that forum, in fact you might have to change all your passwords.

    I'm not sure what the online scan would have done as nothing has been reported as far as I know what the effects are.

    Just follow the advice on here about what scans to run.
  • macman
    macman Posts: 53,129 Forumite
    OP, your service packs are 2 or 3 years out of date. You are running Vista Home Basic. Vista is now up to Vista SP2, run Windows Updates at the earliest opportunity and make sure you have it set to receive Auto Updates for the future.
    Running without the current service packs leaves loads of holes in your system security.
    And time to get a better AV program than AVG.
    No free lunch, and no free laptop ;)
  • Loopy_Girl
    Loopy_Girl Posts: 4,444 Forumite
    macman wrote: »
    OP, your service packs are 2 or 3 years out of date. You are running Vista Home Basic. Vista is now up to Vista SP2, run Windows Updates at the earliest opportunity and make sure you have it set to receive Auto Updates for the future.
    Running without the current service packs leaves loads of holes in your system security.
    And time to get a better AV program than AVG.

    I installed Service Pack 2 on 21/10/2009 and I do have it set up for auto updates as I quite regularly have to install stuff

    Is the service pack not what you are talking about?

    And it was AVG that was recommended from here!!! What would you recommend instead?
  • Loopy_Girl
    Loopy_Girl Posts: 4,444 Forumite
    fiddiwebb wrote: »
    If you signed in using the link that was given in the bogus forum message then you should change your passwords for that forum, in fact you might have to change all your passwords.


    Ahhh I know what you mean now!!! No, I didn't follow the link from the email advising me of a PM - I just went straight to the forum and signed in there
This discussion has been closed.