eternal_drake Posted February 21, 2006

Some guy on IRC tricked me into changing my username to O12345678 and it banned me and injected the Optix1Bot trojan, http://www.gaiaonline.com/gaia/redirect.ph...iri%3DOptix1Bot. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:12:30 PM, on 2/21/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\LiteStep\litestep.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HydraIRC\HydraIRC.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\msipcsv.exe
C:\Program Files\Downloaded Programs\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINDOWS\System32\amcis2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140419464\ee\AOLSoftware.exe
O4 - HKLM\..\RunOnce: [Run IPH] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk = C:\WINDOWS\SYSTEM32\BelkinMonitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: FreshDownload - {A0336B93-642C-4CEE-89A0-CB9B00E0D2F3} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect1.gravity.co.kr/nprotect/nPKeyCrypt/npkcx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
therock247uk Posted February 22, 2006

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here

Apply the update, reboot, and post a fresh HijackThis log.
eternal_drake Posted February 22, 2006

OK, I downloaded the Service Pack, and here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 7:22:50 PM, on 2/21/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\LiteStep\litestep.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\1140419464\ee\aolsoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Downloaded Programs\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINDOWS\System32\amcis2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140419464\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk = C:\WINDOWS\SYSTEM32\BelkinMonitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: FreshDownload - {A0336B93-642C-4CEE-89A0-CB9B00E0D2F3} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect1.gravity.co.kr/nprotect/nPKeyCrypt/npkcx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
therock247uk Posted February 22, 2006

Nope, can you try installing it from this link: http://www.microsoft.com/windowsxp/downloa...1/expresso.mspx
therock247uk Posted April 5, 2006

Inactive topic... If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.