Computeractive - Home computing advice in plain English

 

#1 | 30-01-2009, 15:00 | bobboss (Forum Member, joined Oct 2006, 111 posts)
Virus, Trojan or more sinister?

Whilst recently enjoying (not) a spell in Hospital, my wonderful Wife, on a visit to me, informed me that our Son was having problems with my Wife's pc.
Having my own pc & laptop, I asked Her not to worry about it, use one of them & I'll have a look when I've managed to escape from "Colditz".
Have now attempted to "have a look".
I am fairly "pc competent", having built 15/20 desktops & repaired countless others (with a heck of a lot of help from you guys), including laptops.

My Wife's pc is one that I have built myself, fairly high spec, running xp pro, sp3.
Up until my enforced Hospital visit, I have kept all our PC's up to date regarding Updates/Scans etc.
I believe, but cannot be 100% sure, something nasty has gained access.
Security software installed;-
Zone Alarm - AVG8 - Ad-Aware - Popup Stopper.
Have used (still am on other pc's) these programs for some time now. Never had any problems at all.
The Problem;-
After starting the pc, running very slow, this was never an issue. Always was fairly quick.
When eventually "awake", as soon as online connection was established (via wireless network), it just goes "haywire".
Every time I try to connect to any security sites, for updates etc, I get a blank white "page" with the following info in the "address bar";-

"hell.htm?config=..%25255c%25255c%25255c%25255cagent%25255cclientui_config.xml%26configtouse=subagent

An "Error Message" then appears in its own window;-

failed on loading skinname "talktalk". The file "shell.css" is required in your "sscommon/skins/talktalk/css"directory.
To fix this problem, please check the skin name in your config file, or reinstall the application.

YEP, that's just what I thought!!

I have tried to do a "windows repair", using the original XP Disk (obviously without an internet connection).
This will only go as far as "press enter to repair Windows". PC then sits there waiting to see who will crack first, me or IT, yeah, it's always me!

Really do not know which way to turn now.
The only thing I can think of to try (I've done this with limited success in the past);
Remove Hard Drive from Wife's pc, using various connections I have, connect drive to my pc via USB connection.
Then scanning the drive using the up to date security on my pc.
Is this viable?
Or am I putting my PC at risk?

Any advice & help with this problem will be extremely welcome, & my thanks would be endless (& it may stop my Darling Wife from CHEWING MY EAR OFF).

Regards, & thanks in advance,

Bob.
#2 | 30-01-2009, 15:24 | rogerman40 (Expert Member, joined Apr 2002, 7,825 posts)
Re: Virus, Trojan or more sinister?

Bob,

Have you run a scan with SuperAntiSpyware while not connected to the internet?

If you don't have it, why not download it, free from http://www.vnunet.com/vnunet/downloa...perantispyware, to one of your other computers, then transfer it via, say, memory stick to the troublesome unit and run a scan, preferably with the computer booted into safe mode.

This is an excellent programme for finding malware and removing it. Worth a try!

rogerman
#3 | 30-01-2009, 16:04 | TIG (Senior Member, joined Aug 2008, west midlands, 2,753 posts)
Re: Virus, Trojan or more sinister?

http://www.malwarebytes.org/mbam.php

With rogerman's sound advice, hit it with this also.
#4 | 30-01-2009, 19:41 | Exos (Forum Member, joined Aug 2007, Glasgow, 973 posts)
Re: Virus, Trojan or more sinister?

Hi. It's another browser hijack. TIG's suggestion of Malwarebytes should work for you, but if you still have problems try this:
http://www.download.com/Trend-Micro-...-10227353.html
and post a log file here for us to look at. Cheers.
#5 | 31-01-2009, 14:49 | bobboss (Forum Member, joined Oct 2006, 111 posts)
Re: Virus, Trojan or more sinister?

Thanks very much Folks.
Not at home at the mo (granddaughter's Birthday). Back Sun, I can then get back to work on it.
I'll let you all know how it pans out, once again, thank you all.

Bob
#6 | 12-02-2009, 13:43 | bobboss (Forum Member, joined Oct 2006, 111 posts)
Re: Virus, Trojan or more sinister?

Hi rogerman,
did as you suggested, it found & cleared around 12 "possible suspects".
But, after restarting pc, with an internet connection, same probs were still there.
Decided to move onto next suggestion.
I'll let you know how it goes!
Thanks again,

Bob
#7 | 12-02-2009, 13:51 | bobboss (Forum Member, joined Oct 2006, 111 posts)
Re: Virus, Trojan or more sinister?

Hi TIG,
as you can see above, rogerman40's suggestion was not quite a 100% success.
I've just followed your suggestion, very similar result to rogerman's.
Now going to try next suggestion, not really sure what to do with a "log". But, I'm hoping that once I place the "result" here, someone can decipher it for me (still haven't got my head around the "techie stuff"). Think most of the little talent I have went into the hands rather than the brain!!!
Keep you posted, thanks again,

Bob.
#8 | 12-02-2009, 14:18 | bobboss (Forum Member, joined Oct 2006, 111 posts)
Re: Virus, Trojan or more sinister?

Hi Exos,
downloaded & ran your suggestion! This is where I've got to admit, it does not mean a thing to me. Really have got to rely on you Guys to tell me what to do now! Below (hopefully) is the saved log for your inspection. If you do come up with the answer, please let me know in as basic terms as poss (I even do "idiot speak" when I need to).
Once again, thanks to you & the other Guys for your help.

Bob.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:01, on 12/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P 1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mytalktalk.net/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P 1.EXE /P17 "EPSON PictureMate" /O6 "USB002" /M "PictureMate"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file://D:\Monopoly Here & Now Edition\Images\stg_drm.dll
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://woocam.ath.cx/NetCamPlayerWeb11gv2.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://games.bigfishgames.com/en_wed...h.1.0.0.47.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://members.driverguide.com/direc...e=toolkit_lite
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9860 bytes
#9 | 12-02-2009, 15:48 | Exos (Forum Member, joined Aug 2007, Glasgow, 973 posts)
Re: Virus, Trojan or more sinister?

Hi mate, not much there, but run HijackThis again and delete this one:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
and try your system to see if it's OK. That's all I can spot on the log file.
If no joy, try Malwarebytes Anti-Malware; download and update it first. Hope this helps you out.
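
The check applied in post #9, reading the log for a browser add-on entry whose file is missing, as an added example that is not part of the original thread. It is a small Python parser for HijackThis-style lines; the function names are assumptions made here, and the sample lines are copied from the log in post #8.

```python
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log posted in #8.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
"""

# Every entry line starts with a section code such as R0, O2 or O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# COM-style entries (BHOs, toolbars, buttons): "kind: name - {CLSID} - target".
COM = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        entry = {"code": m["code"], "body": m["body"],
                 "kind": None, "name": None, "clsid": None, "target": None}
        com = COM.match(m["body"])
        if com:
            entry.update(com.groupdict())
        entries.append(entry)
    return entries


def orphaned(entries):
    """Entries registered under a CLSID whose file HijackThis reports as missing."""
    return [e for e in entries if e["target"] == "(no file)"]


def section_counts(entries):
    """How many entries each section code contributes, for a quick overview."""
    return Counter(e["code"] for e in entries)


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(e["code"], e["kind"], e["name"], e["clsid"])
```

An unnamed entry alone is not enough to flag a line: the O9 button above is also "(no name)" but points at an existing Java DLL, so only the missing target is reported.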
#10 | 12-02-2009, 15:52 | rogerman40 (Expert Member, joined Apr 2002, 7,825 posts)
Re: Virus, Trojan or more sinister?

Exos,

He says above that he's used TIG's suggestion - MBAM, without any success.

I was going to suggest he deletes all restore points then runs both scans again with the computer booted into safe mode. Worth a try.

rogerman
All times are GMT +1.