hijackthislog - Trojan Iteka


#16 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)

Copy the files to a memory stick or similar and use that to swap between the two.

#17 benomoth (Member, Topic Starter, 16 posts)

File: or3.exe
Status: INFECTED/MALWARE
MD5 166153e5c6e6e7e96037d695f6e580d6
Packers detected: -

Scanner results
Scan taken on 24 Apr 2007 20:06:22 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Spy.Win32.Bancos.aam
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Spy.Win32.Bancos.aam
NOD32 Found Win32/Spy.Agent.PZ
Norman Virus Control Found nothing
Panda Antivirus Found Trj/Wsnpoem.AF
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan-Spy.Win32.Bancos.aam


File: eqtldvyddwkqr.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 4a7c93cdc17dfc8fed849b57cdc8ce88
Packers detected: -

Scanner results
Scan taken on 24 Apr 2007 20:07:50 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.afg.2
ArcaVir Found Trojan.Agent.Afg
Avast Found nothing
AVG Antivirus Found Agent.AQN
BitDefender Found Trojan.Vqten.A
ClamAV Found nothing
Dr.Web Found Trojan.Vqten
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Agent.afg
Fortinet Found W32/Agent.AFG!tr
Kaspersky Anti-Virus Found Trojan.Win32.Agent.afg
NOD32 Found Win32/Agent.NHD
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found Trojan.Agent.HGA
VBA32 Found Trojan.Vqten

File: tmp_7k.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 3209acce3e76c2466e0885085b4e68e3
Packers detected: -

Scanner results
Scan taken on 24 Apr 2007 20:15:31 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Peed.Gen
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Small.cyn
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Small.cyn
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found Packed/FSG
VBA32 Found nothing



Also, I replaced sporder with the one you gave me.

Edited by benomoth, 24 April 2007 - 02:16 PM.


#18 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)

Delete those two infected files. Do you have the results of the third one?

#19 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)

Ah edited... delete all three. Post a new HJT log.

#20 benomoth (Member, Topic Starter, 16 posts)

Logfile of HijackThis v1.99.1
Scan saved at 7:08:04 PM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mspaint.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wooster.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wooster.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wooster.edu
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
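An added triage helper, written for this thread and not part of HijackThis or of any post above, that reads lines in the HijackThis v1.99.1 log format and flags the entry types a log reviewer looks at twice: Run keys with no command, IE buttons with no file, Winlogon Notify entries that name a directory rather than a DLL, and services whose binary is missing or whose owner is unknown. The sample lines are a subset copied from the log above; the flags are review hints, not verdicts.

```python
import re

# Sample lines in HijackThis v1.99.1 format, copied from the log above (a subset).
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe",
    r"O4 - HKLM\..\Run: [ShowLOMControl] ",
    r"O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\",
    r"O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe",
    r"O23 - Service: Viewpoint Manager Service - Unknown owner - "
    r"C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)",
]

# Every HJT entry line starts with a section code (R0, O4, O23, ...) and " - ".
HJT_LINE = re.compile(r"^(?P<sect>[RO]\d+) - (?P<body>.*)$")

def parse_hjt(lines):
    """Return (section, body) tuples for entry lines; process lists etc. are ignored."""
    entries = []
    for line in lines:
        m = HJT_LINE.match(line.rstrip("\r\n"))
        if m:
            entries.append((m.group("sect"), m.group("body")))
    return entries

def triage(lines):
    """Return (section, reason, body) for entries a reviewer should look at twice.
    Hints only: a dangling reference is often a leftover of an uninstall, but it is
    also where stray malware entries show up, so each one gets a look."""
    flags = []
    for sect, body in parse_hjt(lines):
        reasons = []
        if sect == "O4" and re.search(r"\]\s*$", body):
            reasons.append("Run key with no command")
        if sect == "O9" and body.endswith("(no file)"):
            reasons.append("IE button pointing at no file")
        if sect == "O20" and body.rstrip().endswith("\\"):
            reasons.append("Winlogon Notify names a directory, not a DLL")
        if sect == "O23" and "(file missing)" in body:
            reasons.append("service binary is missing")
        if sect == "O23" and "Unknown owner" in body:
            reasons.append("service has no publisher")
        flags.extend((sect, reason, body) for reason in reasons)
    return flags

if __name__ == "__main__":
    for sect, reason, body in triage(SAMPLE_LOG):
        print(f"{sect:<4}{reason}: {body}")
```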

#21 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)

The log looks OK. I assume you still can't connect to anything? Let's do a final scan to make sure there is no malware lurking.

Do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#22 benomoth (Member, Topic Starter, 16 posts)

This might be a dumb question, but how do I do an online scan if I can't get online?

#23 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)

No, it's not - it was a dumb request. :whistling:

How do you normally connect to the internet - dial-up, DSL, through a network? When did the connection stop, prior to posting here or after we first ran the antispyware applications?

#24 benomoth (Member, Topic Starter, 16 posts)

I am through a network at school. It would automatically connect me through LAN, Broadband and Wireless. First the LAN started messing up and I could not renew my IP address. Then all 3 options disappeared when I open My Network Connections, and my Internal Network Card says it's off. The firewall can't connect either.

This happened before I ever contacted you, and the only virus protection I had was Spybot and Ad-Aware. I then downloaded AVG and when it got worse I got Xoftspy. I haven't been able to get any network access since before I posted on this site.

#25 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)

Go to Control Panel>Network Connections>doubleclick LAN and tell me what it says in the device status box.

#26 benomoth (Member, Topic Starter, 16 posts)

It is not even an option. There's nothing under Network Connections, and when I try to create a broadband network that is always on, it says I should already be connected.

#27 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)

Go to Control Panel>System>Hardware>Device Manager>Network Adapters and doubleclick on your card if there. Take a screenshot of the window that pops up and post it here.

#28 benomoth (Member, Topic Starter, 16 posts)

I got the screenshot but it was way too big to upload (5 MB). Basically every network adapter says that the driver is corrupted or missing, and I ran the troubleshooters, but none of them were able to repair the drivers.

#29 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)

Try the add hardware icon in Control Panel to see if that fixes it, otherwise you need to track down the latest drivers for your kit. Failing all that, I think you are looking at a reformat and reinstall.

#30 benomoth (Member, Topic Starter, 16 posts)

Yeah, it didn't work. Guess I'll have to reformat. Any clue as to how/why this happened?