[KolorBlind]

Hi Guys
Im new to the site but SOOOOOO excited about the idea of it, I think it's WONDERFUL! So Anywhoo...

I haven't had any bad spyware problems for quite some time simply by using a combo of Spybot and Ad-Aware, but just recently I have been getting some pretty frequent, and of course annoying as well, many with sound.
Now I am a big fan of the google toolbar so some of the things that were found look to be pretty legit to me, but osme of it I don't have quite enough knowledge to make sense of, but I absorb like a sponge and I wont go off and forget about the post.
OK, so Here is the HijackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 7:52:51 PM, on 7/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\System32\euk02.exe
C:\WINDOWS\System32\euk02.exe
C:\WINDOWS\System32\euk02.exe
C:\WINDOWS\System32\euk02.exe
C:\WINDOWS\System32\euk02.exe
C:\WINDOWS\System32\euk02.exe
C:\WINDOWS\System32\euk02.exe
C:\WINDOWS\System32\euk02.exe
C:\WINDOWS\System32\euk02.exe
C:\WINDOWS\System32\euk02.exe
C:\Program Files\Google\Google Earth Pro\GoogleEarth.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\DBZ7L9KM\HijackThis1991[1].exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\6dz.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\RunOnce: [1hb7jkc.exe] C:\WINDOWS\System32\1hb7jkc.exe /k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115435682405
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

Thanks alot for your time & support
-Kolor

[Advertisements]

Is this for the same computer you posted for on another topic? If so, please do not post duplicates.

Otherwise, you have to update to at least SP1a before we can continue.

[greyknight17]

Is this for the same computer you posted for on another topic? If so, please do not post duplicates.

Otherwise, you have to update to at least SP1a before we can continue.

[KolorBlind]

-greyknight17-

I have 2 seperate problems here, this topic is relating to MY computer with the stats in MY profile. I shall install SP2 tonight, please let me know what to do after that.

Thanks again
-Kolor

[greyknight17]

So are these two computers or just two separate user accounts? If it's the same computer, there's no need for two HijackThis logs. Either I, or jasmonkey, should work on it. Not both of us. But if it's separate computers, then we shall proceed

Update to SP1a. Hold off on SP2 until you are all clear - otherwise it may cause problems.

[KolorBlind]

GreyKnight

These are 2 seperate computers each with a log, the other post is her log, this one is for my computer. They are both in the same room though. I will update to SP1a tonight, awaiting further instructions.

Thanks alot!
KolorBlind

[greyknight17]

Once you update to SP1a, I want you to post a new HijackThis log. We will then begin to go into the fix.

[KolorBlind]

OK, went to windows update page and it said that I updated to SP1a and Im not so sure it did, heres the log though:

Logfile of HijackThis v1.99.1
Scan saved at 7:27:50 PM, on 7/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
P:\HijackThis1991.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\6dz.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\RunOnce: [1hb7jkc.exe] C:\WINDOWS\System32\1hb7jkc.exe /k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122849830411
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

If it didnt work, is there a better place to get a stand-alone install pack or something? please let me know, thanks alot!

KolorBlind

[greyknight17]

You have to get it from Microsoft (either on the website or order it from them for free). OK, let's do this then (sorry for the delay here, but we have to follow this policy):

Please go HERE (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)

• Click on Windows Validation Assistant
• Click on the Validate Now button.
• Be patient while the ActiveX loads, do not click on any links.
• Read the instructions on this page while it's loading. You will be prompted to install - click YES.
• Enter your product key then click continue
• When it says "Validation Complete" please click Continue to return to your previous activity
• Copy what it says and paste it here.

[greyknight17]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.