Author Topic: Trojan Horse  (Read 4393 times)

Offline bizzoveg111

Trojan Horse
« Reply #20 on: December 31, 2005, 08:26:55 PM »
System restore thing COMPLETE.

Spyware Blaster 3.4 Downloaded!

Spysweeper Uninstalled.

Service Pack 2 not installed because it disables my USB ports. I have 4.
I downloaded it a few weeks back and had to uninstall it.

I am using Spybot v1.3 but am having problems downloading updates.......


How did the trojan get on my computer?

Thanks

Offline bizzoveg111

Trojan Horse
« Reply #21 on: December 31, 2005, 09:10:37 PM »
Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 1:04:33 PM, on 1/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HijackThisSpywareRemover\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132951782953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133261628729
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

Offline guestolo

Trojan Horse
« Reply #22 on: January 01, 2006, 01:32:11 PM »
It's been known that having malware on your computer can lead to a bad install of Service pack 2
That is what may have happened in your case

You should uninstall Spybot 1.3 from Add/Remove programs
Reboot the computer
Back in Windows

Download and Install Spybot 1.4 from
HERE
 or HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer to finish any cleaning process

I've seen others have problems after installing SP2
Most due to having malware on their computers
Some because of compatibility issues, which are hard to track down
The best thing to do is make sure that your system is totally up to date on manufacturer updates before installation
As recommended by this link
http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx

However, that still isn't enough at times
I found this, not sure if it will work however
After the user installed SP2
I have no idea if this will help
Quote
1. Expand "USB Serial Bus Controllers" in device manager
2. Right-click on the USB Host Controller driver (if there is more than 1, then repeat this process for them all) and choose update driver
3. Allow Windows to search for software
4. Choose to install from a specific location
5. Choose "Don't search. I will choose the driver..."
6. Choose "Standard OpenHCD USB Host controller", or just try whatever driver is listed, starting with the bottom of the list.

My device manager listed 4 USB host drivers, and I regained USB support after changing 2 of the drivers as described above.
Found from this link
http://forum.ecoustics.com/bbs/messages/8829/124257.html

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline bizzoveg111

Trojan Horse
« Reply #23 on: January 01, 2006, 06:53:46 PM »
I had my whole hard drive reformatted and discovered the USB problem when I tried to install the printer etc.

Is it REALLY necessary for me to have the update?

I have uninstalled spybot 1.3 and have installed spybot 1.4...thanks

I just don't understand how the trojan got on my computer when I do not open strange emails and had AVG up & running.

My daughter and I are thinking about donating to the link below.

Is this yours?

You have been terrific! I cannot believe how knowledgeable you are......

Offline guestolo

Trojan Horse
« Reply #24 on: January 02, 2006, 06:21:43 PM »
I appreciate the offer of the donation
My services are free, it is only optional

I would hate to think we left you without the proper Security updates
SP2 supplies those updates

But I also don't want to leave you without working USB ports
Have you checked your manufacturer for any updates?
What is the make and model of your computer?
« Last Edit: January 02, 2006, 06:22:24 PM by guestolo »



Offline bizzoveg111

Trojan Horse
« Reply #25 on: January 02, 2006, 11:37:33 PM »
Make and model;

This is all I can tell you.....

AMD Athlon Processor...80 gig
Gigabyte motherboard  GA 7PXE
512 mb RAM

I think it is equivalent to a Pentium 111?

How do I know who the manufacturer is? I just bought the computer at a fair....(this sounds so female doesn't it?)

Thanks

Offline guestolo

Trojan Horse
« Reply #26 on: January 03, 2006, 12:05:45 AM »
I'll lock this topic, continue with the other post please as this is now not malware related
Thanks
