[laka777]

Hey everyone. I'm posting here cuz I need some help sorting through my hijack this log. There's nothing particular wrong with my computer. I'm just hoping to get my computer running smoother. Anyway, here's my log:

(I'd get rid of anything I don't NEED)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\eHome\ehRecvr.exe
E:\WINDOWS\eHome\ehSched.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
e:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\ehome\ehtray.exe
E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
E:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\WINDOWS\eHome\ehmsas.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
E:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Documents and Settings\Sean Chang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
E:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\FreeWheel\FreeWheel.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
E:\Program Files\UltraMon\UltraMon.exe
E:\Program Files\UltraMon\UltraMonTaskbar.exe
E:\Program Files\PokerStars\PokerStars.exe
E:\Documents and Settings\Sean Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Sean Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Sean Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Sean Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe
E:\Program Files\RVG Software\Holdem Manager\HMImport.exe
E:\Documents and Settings\Sean Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Sean Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Sean Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [ehTray] E:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Ai Nap] "E:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] E:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [UltraMon] "E:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "E:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] E:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [PMCS] "E:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Sean Chang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Rainlendar2] E:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - Startup: FreeWheel.lnk = C:\Program Files\FreeWheel\FreeWheel.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{272B2372-6173-4AB4-A5A2-560D8DB5CA39}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Unknown owner - E:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - E:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - E:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - E:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - e:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

 

[Billy O'Neal]

Hello, laka777
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:

• In the meantime, please refrain from making any changes to your computer.
• Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
• If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
• Finally, please reply using the
  button in the lower left hand corner of your screen.
• Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :wink:.

We need to run a Scan with DDS

1. Please download DDS, and save it to your desktop, from one of the following mirrors:
   • This is a mirror
   • This is another mirror
2. Disable any type of "Script Blockers" or "Script Protection" installed on your system.
3. Double click
   on your desktop.
4. If prompted by any script blocking tools, please allow any actions taken by DDS.
5. When prompted to preform an Optional Scan, please select
6. Two reports will open. Please reply with the generated reports:
   • DDS.txt <-- Copy and paste into your next post
   • Attach.txt <-- Attach to your next post

We need to scan for rootkits with GMER

1. Please download gmer.zip and save to your desktop.
   • alternate download site 1
   • alternate download site 2
2. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
3. When you have done this, disconnect from the Internet and close all running programs.
   Note: There is a small chance this application may crash your computer so save any work you have open.
4. Double-click on Gmer.exe to start the program.
5. Allow the gmer.sys driver to load if asked.
6. If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
7. Click on "Settings", then check the first five settings:
   • System Protection and Tracing
   • Processes
   • Save created processes to the log
   • Drivers
   • Save loaded drivers to the log
8. You will be prompted to restart your computer. Please do so.
9. Run Gmer again and click on the Rootkit tab.
10. Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
11. Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
12. Click on the "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
13. When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
14. Note: If you have any problems, try running GMER in Safe Mode

In your next reply, please include the following:

• DDS.txt
• Attach.txt
• GMER's Log

Billy3

 

[Billy O'Neal]

Hello, laka777
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/sec...read-before-posting-malware-removal-help.html

BillyIII