JAC27
1 Copper

Need assistance please, RE: Hijack This results. Trying to remove any lingering Trojan virus traces from recent attack


This is my first post here so I hope that I'm in the right place...

I've been hit with some malware recently and am trying to make sure that I removed it all... Norton 360, Malwarebytes, Spybot, & Ad-Aware are now producing clean scans again, but it was recommended that I try Hijack This also. However, I lack the level of knowledge needed when it comes to normal processes vs. what shouldn't be there, so can someone please assist me by checking my Hijack This log and advising me on what should not be present? TIA if you can help. 🙂

I'm running a Dell XPS... I guess you'd call it a first generation XPS.

I guess that I should post the results, so here goes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:13 PM, on 1/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bussecompanystore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=Sym...
O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?118913961...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9608 bytes

Thank you,

JA Churchman 🙂
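A small triage helper, added here as an example and not part of this thread or of HijackThis itself: it parses HijackThis-format lines like the ones in the log above and flags the entry types a log reviewer checks first. The sample log is a constructed excerpt of the post's own log plus one made-up process line under the user's Temp folder to exercise the path checks.

```python
"""Triage helper for HijackThis v2 logs (added example, not part of the thread).

It parses the "Running processes" list and the prefixed entries (R0/R1, O2,
O3, O4, O23, ...) and flags the things a log reviewer checks first:
orphaned BHOs, services with no recorded publisher, autoruns given as a bare
file name, unnamed Run/RunOnce values, and executables that run from
user-writable folders or carry random-looking numeric names.
"""
import re
from dataclasses import dataclass, field

# "O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe"
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
# Hive, bracketed value name and command of an O4 Run/RunOnce entry
RUN_RE = re.compile(r"^(?P<hive>.*?Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Profile folders that any process running as the user can write to
USER_WRITABLE = re.compile(
    r"\\(temp|local settings|application data|appdata|desktop|recycler)\\", re.I)
# e.g. 0.9363188669021173.exe: only digits and dots before the extension
NUMERIC_NAME = re.compile(r"(^|\\)[\d.]+\.exe$", re.I)


@dataclass
class Finding:
    reason: str
    line: str


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)  # (section, body) pairs


def parse_hjt(text):
    """Split a HijackThis log into running processes and prefixed entries."""
    log, in_procs = HjtLog(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if not line:            # a blank line ends the process list
            in_procs = False
            continue
        if in_procs:
            log.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append((m.group("sec"), m.group("body")))
    return log


def triage(log):
    """Return the entries worth a closer look, each with the reason."""
    out = []
    for proc in log.processes:
        if USER_WRITABLE.search(proc):
            out.append(Finding("process running from a user-writable folder", proc))
        if NUMERIC_NAME.search(proc):
            out.append(Finding("random-looking numeric executable name", proc))
    for sec, body in log.entries:
        if sec == "O2" and body.endswith("(no file)"):
            out.append(Finding("orphaned BHO: registered but its file is missing", body))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if m is None:       # Startup-folder entries use a different layout
                continue
            if not m.group("name"):
                out.append(Finding("Run/RunOnce value with an empty name", body))
            # A bare file name is resolved through the PATH, so the reviewer
            # has to confirm which directory actually supplies the executable.
            first = m.group("cmd").lstrip('"').split(" ")[0]
            if "\\" not in first:
                out.append(Finding("autorun given as a bare file name (PATH lookup)", body))
        elif sec == "O23" and "Unknown owner" in body:
            out.append(Finding("service with no recorded publisher", body))
    return out


# Constructed sample: lines taken from the log in this post, plus one made-up
# process entry under the user's Temp folder to exercise the path checks.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Apoint\Apoint.exe
C:\Documents and Settings\Jaxx\Local Settings\Temp\0.9363188669021173.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bussecompanystore.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
"""


def triage_sample():
    return triage(parse_hjt(SAMPLE_LOG))


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.reason}] {f.line}")
```

A flagged entry is a prompt to verify the file's publisher and location, not a verdict: the two "Unknown owner" services and the orphaned BHO in this log are the kind of entries that turn out benign once checked.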

Bugbatter
6 Gallium

Re: Need assistance please, RE: Hijack This results. Trying to remove any lingering Trojan virus traces from recent attack

Hi JA Churchman,

HijackThis does not show everything, especially lately with so much malware that likes to hide. What type of malware did you have? Even though the scans are coming up clean, are you having any lingering symptoms of the malware?

Let's run a scan with a more comprehensive tool.

First, please disable TeaTimer:
Go to Start>Run. Type Msconfig > OK. On the next window that opens > Startup tab UNcheck the entry for TeaTimer until this is over...
1. Open Spybot
2. Click Mode > Advanced Mode
3. Click Yes
4. Click Tools (located in the bottom left corner) > Resident
5. Uncheck 'Resident "TeaTimer" (Protection of over-all system settings) active'
6. Then close Spybot.
Reboot.
Verify that TeaTimer is not running. You can enable it again after we have confirmed that we are finished cleaning.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

    Windows Insider MVP 2016 -

    Microsoft MVP - Consumer Security 2006-2016

    Social Media and Community Professional

    JAC27
    1 Copper

    Re: Need assistance please, RE: Hijack This results. Trying to remove any lingering Trojan virus traces from recent attack

    Hi 🙂

    I will follow your instructions for the DDS scan. So far so good as far as to no lingering effects. I've run many full scans with various scanners: Norton 360, Malwarebytes, Spybot, Ad-Aware, & Trend Micro online HouseCall, which just finished.

    Below are all the names I could gather, and what scanner found what: I also found the program that was exploited originally and uninstalled it (Adobe Acrobat 8.xx).

    Wednesday:
    0.9363188669021173.exe (Norton)
    5f.tmp (Norton)
    Trojan.Zbot several times until deleted by Malwarebytes (Norton detected)

    Thursday:
    No problems, no detected threats

    Friday:
    0.41560240649622193.exe (Norton)
    smss32.exe (Norton)
    Trojan.Blotter (Malwarebytes)
    Trojan.FakeAlert (Malwarebytes)

    At this point, Windows would not load. A quick trip to the local Best Buy (Geek Squad) Saturday evening resolved the problem by replacing a missing registry key.

    Saturday night:
    Downloader (Norton, labeled as virus, 2 entries)

    Today, first attempt back on the 'Net for updates since the attack:
    Trojan.Virantix (Norton)
    After repeated clean scans by Malwarebytes & Norton, I went back on the Internet to update Spybot (forgot it before). The following Spybot scan found:
    Win32.Agent.pz

    Followed up with:
    Ad-Aware (Clean scan/No threats)
    Trend Micro online HouseCall (Clean scan/No threats)

    All are claimed to have been resolved at this time. I believe that's all of them, AFAIK. Norton security log not showing high risk entries anymore so far.

    I'll post the DDS results as soon as I can.

    Thank you.

    Best Regards,

    JA Churchman

    JAC27
    1 Copper

    Re: Need assistance please, RE: Hijack This results. Trying to remove any lingering Trojan virus traces from recent attack

    Hi again,

    Here are the 2 DDS files below.

    (DDS_Text)

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Jaxx at 18:20:50.18 on Sun 01/17/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2047.1384 [GMT -5:00]

    AV: Norton 360 *On-access scanning disabled* (Updated)  {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Jaxx\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bussecompanystore.com/
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.5.26&build=Symantec&a=00000082.00000049.000000b9&b=00000082.00000070.0000014d&c=00000082.00000096.000001da&d=00000082.000000e6.0000026f
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
    mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    StartupFolder: c:\docume~1\jaxx\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189139610125
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2009-9-8 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2009-9-8 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-9-8 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100116.002\IDSXpx86.sys [2010-1-17 329592]
    R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2009-9-8 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-1 102448]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100117.002\NAVENG.SYS [2010-1-17 84912]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100117.002\NAVEX15.SYS [2010-1-17 1323568]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

    =============== Created Last 30 ================

    2010-01-17 19:45:25 0 d-----w- c:\program files\Trend Micro
    2010-01-17 16:44:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-01-17 16:43:57 0 d-----w- c:\program files\Lavasoft
    2010-01-17 10:11:54 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-17 10:01:36 0 d-----w- c:\program files\Secunia
    2010-01-17 00:19:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Geek Squad
    2010-01-17 00:18:55 524288 ---ha-w- c:\documents and settings\jaxx\ntuser.dat.LOG1
    2010-01-17 00:18:55 0 ---ha-w- c:\documents and settings\jaxx\ntuser.dat.LOG2
    2010-01-15 14:06:56 1 ----a-w- C:\s

    ==================== Find3M  ====================

    2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll

    ============= FINISH: 18:21:34.36 ===============

    ***********************************************************************************************************************************************

    (DDS_Attach)

    DDS (Ver_09-12-01.01) - NTFSx86 
    Run by Jaxx at 18:20:50.18 on Sun 01/17/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2047.1384

    [GMT -5:00]

    AV: Norton 360 *On-access scanning disabled* (Updated)  

    {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *enabled*   {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Jaxx\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bussecompanystore.com/
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} -

    c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} -

    c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
    BHO: Symantec Intrusion Prevention:

    {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton

    360\engine\3.5.2.11\IPSBHO.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} -

    c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d}

    - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper:

    {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

    files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c}

    - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program

    files\norton 360\engine\3.5.2.11\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program

    files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [swg] "c:\program

    files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe

    http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&erro

    r=0&language=en&product=SymNRT&version=2009.0.5.26&build=Symantec&a=00000

    082.00000049.000000b9&b=00000082.00000070.0000014d&c=00000082.00000096.00

    0001da&d=00000082.000000e6.0000026f
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
    mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
    mRun: [StartCCC] "c:\program files\ati

    technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [PCMService] "c:\program files\dell\media

    experience\PCMService.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe"

    -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    StartupFolder: c:\docume~1\jaxx\startm~1\programs\startup\secuni~1.lnk -

    c:\program files\secunia\psi\psi.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    IE: &ieSpell Options - c:\program

    files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel -

    c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google

    toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmside

    wiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189139610125
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2009-9-8 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2009-9-8 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-9-8 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100116.002\IDSXpx86.sys [2010-1-17 329592]
    R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2009-9-8 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-1 102448]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100117.002\NAVENG.SYS [2010-1-17 84912]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100117.002\NAVEX15.SYS [2010-1-17 1323568]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

    =============== Created Last 30 ================

    2010-01-17 19:45:25 0 d-----w- c:\program files\Trend Micro
    2010-01-17 16:44:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-01-17 16:43:57 0 d-----w- c:\program files\Lavasoft
    2010-01-17 10:11:54 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-17 10:01:36 0 d-----w- c:\program files\Secunia
    2010-01-17 00:19:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Geek Squad
    2010-01-17 00:18:55 524288 ---ha-w- c:\documents and settings\jaxx\ntuser.dat.LOG1
    2010-01-17 00:18:55 0 ---ha-w- c:\documents and settings\jaxx\ntuser.dat.LOG2
    2010-01-15 14:06:56 1 ----a-w- C:\s

    ==================== Find3M  ====================

    2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll

    ============= FINISH: 18:21:34.36 ===============


    I hope that I did it right! Thanks again for your help. 🙂

    Best Regards,

    JA Churchman

    0 Kudos
    Bugbatter
    6 Gallium

    Re: Need assistance please, RE: Hijack This results. Trying to remove any lingering Trojan virus traces from recent attack

    Your log looks good.

    Your Java update 17 is one version out of date. You might as well update that.

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 18 .
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.

  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • From your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

    To disable the JQS service if you don't want to use it:

    * Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.

    * Click Ok and reboot your computer.

    Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

    If you have used Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

    The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:

    1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system, Office, and IE. The first defense against infection is a properly patched OS from Microsoft Update at update.microsoft.com. More info HERE.

    2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.

    3. You might consider installing Mozilla / Firefox.
    http://www.mozilla.com/en-US/

    4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

    5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php

    6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

    7. Web Of Trust uses colored alerts to warn you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Red for Warning = STOP
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown

    There is a Web Of Trust version for Firefox as well.

    8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
    It will:
    Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
    Restrict the actions of potentially unwanted sites in Internet Explorer.
    Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
    Periodically check for updates.

    9. Here are some helpful articles:
    "How did I get infected?"
    http://www.bleepingcomputer.com/forums/topic2520.html


    "I'm not pulling your leg, honest"
    by Sandi Hardmeier
    http://www.microsoft.com/windows/IE/community/columns/pulling.mspx


    Windows Insider MVP 2016 -

    Microsoft MVP - Consumer Security 2006-2016

    Social Media and Community Professional

    0 Kudos
    JAC27
    1 Copper

    Re: Need assistance please, RE: Hijack This results. Trying to remove any lingering Trojan virus traces from recent attack

    Hi 🙂

    Thank you very much, and I will read & follow your suggestions above. I really appreciate the help! 🙂

    Best regards,

    JA Churchman

    0 Kudos
    Bugbatter
    6 Gallium

    Re: Need assistance please, RE: Hijack This results. Trying to remove any lingering Trojan virus traces from recent attack

    You do have a Google Dictionary entry that you can remove because it is an orphan and has no file attached to it.

    If you want to remove it, run HijackThis and place a checkmark next to the following:

    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

    Close all other windows and click "Fix Checked". Close Hijackthis, and reboot.

    I'm glad we were able to help.
    NOTE: The issue has been resolved, so this thread is now closed. Everyone else who is having a similar issue, please begin a New Message at the top of the forum.


    0 Kudos
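The advice above turns on reading two line formats by eye: the HijackThis `O2 - BHO:` entry whose path is `(no file)` (an orphan registry reference with nothing on disk, which is why it is safe to tick and fix), and the DDS `SERVICES / DRIVERS` lines with their `R`/`S` state, path and `[date size]` suffix. The Python script below is an added example written for this page, not a tool from the thread or from Trend Micro: it parses a handful of constructed sample lines in those two formats (the orphan CLSID and the two service lines are copied from the log in the thread; the third BHO, its CLSID and its path are invented to show a "review" verdict) and sorts each entry into a verdict a helper would start from. The "review" heuristic, flagging a BHO that loads from a user temp directory, is the author's assumption, not something the thread states.

```python
"""Parse HijackThis 'O2 - BHO' lines and DDS service/driver lines and
assign each a first-pass verdict (orphan / review / ok, running / stopped).
Added example for this thread; the heuristics are the example's own."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the same format as the log posted above. The first
# BHO and both service lines are copied from the thread; the "Example Helper"
# BHO, its CLSID and its temp-directory path are invented for illustration.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - c:\docume~1\jaxx\locals~1\temp\helper.dll
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-9-8 482432]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
"""

# HijackThis O2 line: "O2 - BHO: <name> - {<CLSID>} - <path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
# DDS service line: "<R|S><n> <name>;<description>;<path> [<date> <size>]"
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?) "
    r"\[(?P<date>[\d-]+) (?P<size>\d+)\]$")

# Assumption: a browser helper loading from a user-writable temp location is
# worth a second look; a helper would verify the file before deciding anything.
USER_WRITABLE_HINTS = ("\\temp\\", "\\locals~1\\")


@dataclass
class Finding:
    kind: str            # "bho" or "service"
    name: str            # display name (or "(no name)")
    ident: str           # CLSID for a BHO, service name for a service
    path: str            # file path, or "(no file)" for an orphan
    verdict: str         # bho: orphan/review/ok; service: running/stopped
    size: Optional[int] = None   # file size from the DDS "[date size]" suffix


def classify_bho(path: str) -> str:
    """Orphan if HijackThis found no file; review if it loads from temp."""
    if path.strip().lower() == "(no file)":
        return "orphan"
    lowered = path.lower()
    if any(hint in lowered for hint in USER_WRITABLE_HINTS):
        return "review"
    return "ok"


def parse_log(text: str) -> List[Finding]:
    """Parse every recognised line; unrecognised lines are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            findings.append(Finding("bho", m["name"], m["clsid"],
                                    m["path"], classify_bho(m["path"])))
            continue
        m = SVC_RE.match(line)
        if m:
            state = "running" if m["state"].startswith("R") else "stopped"
            findings.append(Finding("service", m["desc"] or m["name"],
                                    m["name"], m["path"], state,
                                    int(m["size"])))
    return findings


def orphan_clsids(findings: List[Finding]) -> List[str]:
    """CLSIDs of BHO entries with no backing file (the ones safe to fix)."""
    return [f.ident for f in findings
            if f.kind == "bho" and f.verdict == "orphan"]


if __name__ == "__main__":
    for f in parse_log(SAMPLE_LOG):
        print(f"{f.kind:8} {f.verdict:8} {f.name} -> {f.path}")
    print("orphans:", orphan_clsids(SAMPLE_LOG and parse_log(SAMPLE_LOG)))
```

Run against the sample, the script reports the `(no name)` BHO as an orphan, the Spybot SDHelper entry as ok, the invented temp-directory helper as needing review, and the two Symantec/Secunia drivers as running and stopped respectively; the same functions can be fed a saved HijackThis or DDS log in place of `SAMPLE_LOG`.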