x_6985381 Posted June 29, 2008

I've just recently 5 minutes ago decided to give HijackThis a try, but I'm completely lost on how to or even start to notice if I'm infected or if I'm running a clean system. I'll include my scan file, please help me understand what this scans for and how to remove any infections, thanks all.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:37 PM, on 6/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {D2041ABE-7FD8-4850-B18F-68D907991DB3} - (no file)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: pmnljGaX - pmnljGaX.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 6953 bytes

mudmanc4 Posted June 29, 2008

Do you have a Razer mouse?

x_6985381 Posted June 29, 2008

Yeah, a Razer Copperhead, uh oh, my gaming side's showing.

coknuck Posted June 29, 2008

Post your log here and it will tell you what's good or bad! http://www.hijackthis.de/

Edit: You have 4 things you need to fix!

x_6985381 Posted June 29, 2008

Thank you very much for that URL, makes this just that much easier, gonna go restart and try in safe mode, thanks Coknuck!

coknuck Posted June 29, 2008

You're welcome!