12-01-2005, 11:35 PM   #5
mavica
Registered User
 
Join Date: Nov 2005
Posts: 5
OS: Win 98


Hi, thanks for the instructions.

Here's the HJT file, and the Panda ActiveScan report:

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 2:32:52 PM, on 12/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\ZH-SG\MSNAPPAU.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE APPLICATIONS\RESIDENCE.EXE
C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE MENU\SONYTRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\zh-sg\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab

Panda ActiveScan:


Incident Status Location

Spyware:spyware/smitfraud Not disinfected C:\WINDOWS\SYSTEM\oleext.dll
Adware:adware/psguard Not disinfected Windows Registry
Adware:Adware/WinHound Not disinfected C:\WINDOWS\SYSTEM\oleext.dll
Virus:Bck/Galapoper.HP Not disinfected C:\WINDOWS\SYSTEM\ll.exe
Virus:Bck/Galapoper.HP Not disinfected C:\WINDOWS\SYSTEM\sywsvcs.exe
Virus:Bck/Galapoper.HP Not disinfected C:\WINDOWS\SYSTEM\~update.exe
Virus:Trj/DNSChanger.BI Not disinfected C:\WINDOWS\SYSTEM\hgqhp.exe
Virus:Trj/Downloader.GHJ Not disinfected C:\WINDOWS\SYSTEM\cskhm.exe
Virus:Trj/Menso.A Not disinfected C:\WINDOWS\SYSTEM\dmala.exe
Adware:Adware/QuickWeb Not disinfected C:\WINDOWS\SYSTEM\hlmicro.exe
Adware:Adware/IdeskBar Not disinfected C:\WINDOWS\SYSTEM\idemlog.exe
Virus:Trj/Gagar.A Not disinfected C:\WINDOWS\TEMP\obam.exe
Virus:Trj/Gagar.A Not disinfected C:\WINDOWS\TEMP\mmjo.exe
Virus:Trj/Downloader.GLA Not disinfected C:\WINDOWS\TEMP\iano.exe
Virus:Trj/Downloader.GLA Not disinfected C:\WINDOWS\TEMP\gicm.exe
Spyware:Spyware/Premeter Not disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Measure.class-5b9d51af-24b79c7b.class
Spyware:Spyware/Premeter Not disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Measure.class-5d526ecf-5d50c3ea.class
Spyware:Spyware/Premeter Not disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Measure.class-6a3ae87a-4b3399b2.class
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Desktop\backups\backup-20051129-210243-529.dll
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Desktop\backups\backup-20051129-212230-167.dll
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Desktop\backups\backup-20051130-101935-808.dll
Virus:Trj/Downloader.GLD Not disinfected C:\q940856.exe