Trojan and logger infection! - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

Trojan and logger infection!

#1 V-GER

  • Group: Member
  • Posts: 36
  • Joined: 21-July 06

Posted 13 July 2007 - 08:03 AM

Thank you in advance for the response. My IE is just crawling and I am getting pop-ups every couple minutes. I have AVG and Prevx. AVG is locating trojan.agent.aia and logger.banker.cnx. AVG removes them but they keep coming back. Prevx locates IEUBdata.dll with the same results. Things are also generally very slow with some hangups of other programs. Here is my current HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:57:21 AM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AutoCAD LT 2004\aclt.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\WINDOWS\System32\qmfbappe.exe
C:\WINDOWS\System32\ocxloader.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ef0685f-e11f-4208-b362-bdce875461c5} - C:\WINDOWS\system32\infdgl.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [fryHighRes] rundll32 atipmogl.dll,DetectHighResMonitor
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
O4 - HKLM\..\Run: [ocxloader.exe] C:\WINDOWS\System32\ocxloader.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [autoload] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\Ron\svchost.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa....plugins/ncs.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://moneycentral....s/pmupdate2.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: infdgl - C:\WINDOWS\SYSTEM32\infdgl.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

Share this topic:


Page 1 of 1