Results 1 to 2 of 2

Thread: Hijack This Logfile - Help Please

  1. #1
    Unregistered
    Guest

    Hijack This Logfile - Help Please

    I've been getting a lot of popups recently. Programs are crashing randomly. My computer is slower than usual. Whenever I try to browse for a file on my hard drive, or install something, it freezes.

    Here is my Hijack This log:

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:37:36 PM, on 8/20/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1218)
    
    Running processes:
    E:\WINXP\System32\smss.exe
    E:\WINXP\system32\winlogon.exe
    E:\WINXP\system32\services.exe
    E:\WINXP\system32\lsass.exe
    E:\WINXP\System32\Ati2evxx.exe
    E:\WINXP\system32\svchost.exe
    E:\WINXP\System32\svchost.exe
    E:\WINXP\system32\spoolsv.exe
    E:\WINXP\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
    E:\WINXP\System32\FEELitDM.exe
    E:\Program Files\Common Files\LightScribe\LSSrvc.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\WINXP\System32\UAService7.exe
    E:\WINXP\system32\Ati2evxx.exe
    E:\WINXP\Explorer.exe
    E:\Program Files\D-Tools\daemon.exe
    E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    E:\WINXP\System32\exdabfk.exe
    D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\WINXP\System32\veritas.exe
    E:\temp\MediaGateway.exe
    E:\Program Files\ISTsvc\istsvc.exe
    E:\WINXP\sbutpyi.exe
    E:\Program Files\Saitek\Software\Profiler.exe
    E:\Program Files\Saitek\Software\SaiSmart.exe
    E:\Program Files\Saitek\Software\SaiMfd.exe
    E:\PROGRA~1\IMMERS~1\IMMERS~1.1\IDesktop.exe
    E:\program files\180searchassistant\salm.exe
    E:\WINXP\System32\c07v4sb6.exe
    E:\Program Files\Internet Optimizer\optimize.exe
    E:\WINXP\seeve.exe
    E:\WINXP\System32\nsvsvc\nsvsvc.exe
    E:\WINXP\System32\vidctrl\vidctrl.exe
    C:\Program Files\Vobq\Aujt.exe
    E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    E:\Program Files\Daily Weather Forecast\weather.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\Program Files\Messenger\MSMSGS.EXE
    E:\WINXP\System32\ctfmon.exe
    E:\PROGRA~1\AIM\aim.exe
    E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    E:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
    E:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    E:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    E:\WINXP\System32\wuauclt.exe
    E:\WINXP\System32\msiexec.exe
    H:\setup.exe
    E:\WINXP\System32\msiexec.exe
    E:\WINXP\System32\MsiExec.exe
    E:\DOCUME~1\LLOYD1~1\LOCALS~1\Temp\MSI38D.tmp
    E:\WINXP\System32\MsiExec.exe
    E:\DOCUME~1\LLOYD1~1\MYDOCU~1\FIREFOX.EXE
    C:\HijackThis1991.exe
    
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe E:\WINXP\Nail.exe
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - E:\WINXP\nem220.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - e:\program files\180searchassistant\salmhook.dll
    O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - E:\WINXP\AuroraHandler.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - E:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {AF3366D7-291E-BD00-0096-CAC610487EC8} - E:\WINXP\System32\inscdm\aneaesbagm.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - E:\WINXP\System32\msbe.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINXP\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - E:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe"  -lang 1033
    O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINXP\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [KAZAA] E:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [Trickler] "e:\winxp\temp\adware\fsg_4203.exe"
    O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
    O4 - HKLM\..\Run: [ProSiteFinder] E:\Program Files\ProSiteFinder\prositefinder.exe
    O4 - HKLM\..\Run: [Media Gateway] E:\temp\MediaGateway.exe
    O4 - HKLM\..\Run: [IST Service] E:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [CgFJdDquK] E:\WINXP\sbutpyi.exe
    O4 - HKLM\..\Run: [Profiler] E:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] E:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [SaiMfd] E:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [IDesktop] E:\PROGRA~1\IMMERS~1\IMMERS~1.1\IDesktop.exe 1
    O4 - HKLM\..\Run: [salm] e:\program files\180searchassistant\salm.exe
    O4 - HKLM\..\Run: [xchsz] E:\WINDOWS\xchsz.exe
    O4 - HKLM\..\Run: [c07v4sb6] E:\WINXP\System32\c07v4sb6.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINXP\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "E:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [seeve] E:\WINXP\seeve.exe
    O4 - HKLM\..\Run: [Nsv] E:\WINXP\System32\nsvsvc\nsvsvc.exe
    O4 - HKLM\..\Run: [vidctrl] E:\WINXP\System32\vidctrl\vidctrl.exe
    O4 - HKLM\..\Run: [Wsqwtlo] C:\Program Files\Vobq\Aujt.exe
    O4 - HKLM\..\Run: [ViewMgr] E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Daily Weather Forecast] E:\Program Files\Daily Weather Forecast\weather.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [odichvj] E:\WINXP\System32\exdabfk.exe r
    O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINXP\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] E:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Steam] J:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Viewpoint Search - res://E:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINXP\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINXP\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119847818818
    O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINXP\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINXP\system32\ati2sgag.exe
    O23 - Service: FEELitDM - Immersion Corporation - E:\WINXP\System32\FEELitDM.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: System Startup Service  (SvcProc) - Unknown owner - E:\WINXP\svcproc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - E:\WINXP\System32\UAService7.exe

  2. #2
    Ruby (retired Supermod)
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: Hijack This Logfile - Help Please

    Welcome to HijackThis.de @ Guest

    You have a lot of malware on your system.

    Make sure you set Windows to show hidden files and folders.

    You will want to copy the text from this post and save it as a text file (*.txt) or print it because you will be working offline (in safemode) to resolve your problem and not have access to this forum.

    Follow these STEPS.

    STEP 1
    Download
    of the trial version:

    eScan Professional Edition

    NOTE: -> Every version of eScan also discovers adware files, but these files must be deleted manually anyway.

    If you don't have a zip-tool we suggest zipgenius (It is free).
    You MUST Unzip 'mwav.exe' to 'C:\Bases_X' (case sensitive, any other folder and it won't work properly)
    After installing, some systems automatically start up the program. If this happens, close it; you don't want to run it now.
    Open 'My Computer'
    Double click on 'C:'
    Double click on the folder 'Bases_X'
    Now in that root folder look for 'kavupd.exe' and double click on it. (We are updating eScan to the latest definitions.)
    NOTE: You must read and then click 'ok' to the License Agreement.

    STEP 2
    Now turn off your computer and remove the network cable/phone line from your machine.
    Reboot your computer into Safe Mode

    STEP 3
    Open 'My Computer'
    Double click on 'C:'
    Double click on the folder 'Bases_X'
    Double click on 'mwavscan.com'
    Now close all other windows, browsers, and programs other than eScan before continuing
    Checkmark: Memory, StartUp-Folders, Drive, All Local Drives, Registry, System Folders, Services
    Now select 'Scan All Files'
    Finally, click on 'Scan' (The program will take several hours to run)
    When the first virus is discovered, you will get a warning 'Virus Detected'. Click 'ok'.
    When the scan is complete, click 'View Log' and Save it as 'mwav.log'!


    STEP 4
    Reconnect your network cable/phone line
    Reboot your system into normal mode.

    STEP 5
    Open 'My Computer'
    Double click on 'C:'
    Double click on the folder 'Bases_X'
    Find the 'mwav.log' file in the directory.
    Open it with an editor (Notepad will do fine)
    Look for the files which are tagged as "virus" or "infected"
    Copy&paste all these files tagged as "virus" or "infected" in a new document and save to your desktop

    STEP 6
    Run Hijackthis again and have it save a new log file.

    STEP 7

    Post every file of eScan by looking for "infected" and "tagged as" to this thread:

    It looks like this:

    File C:\WINDOWS\sssasasb32.exe infected by "Trojan-Downloader.Win32.Agent.ig" Virus. Action Taken

    File C:\Documents and Settings\Name\Local Settings\Application Data\Wildtangent\0F.dat tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.


    Also post the total results:

    =>Total Number of Files Scanned:
    =>Total Number of Virus(es) Found:
    =>Total Number of Disinfected Files:
    =>Total Number of Files Renamed:
    =>Total Number of Deleted Files:
    =>Total Number of Errors:
    ***** Scanning complete. *****
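
An added example, not part of Ruby's post and not eScan code: a small Python filter that pulls the "infected" and "tagged as" lines and the totals out of a saved 'mwav.log', as STEP 5 and STEP 7 ask you to do by hand. The patterns assume only the two line shapes quoted in the post; the function name and the sample log are made up for the demonstration.

```python
import re

# Line shapes copied from the two sample lines in the post; search() rather
# than match() so a leading timestamp or prefix (assumption) does not matter.
INFECTED = re.compile(r'File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\.\s*(?P<action>.*)')
TAGGED = re.compile(r'File (?P<path>.+?) tagged as (?P<name>\S+?)\.\s+(?P<action>.*)')
TOTAL = re.compile(r'=>\s*(?P<label>Total Number of [^:]+):\s*(?P<value>\d+)')

# Constructed sample, not a real scan: the two detection lines are the ones
# quoted in the post, everything else is made up for the demonstration.
SAMPLE_LOG = r'''
Scanning memory...
File C:\WINDOWS\sssasasb32.exe infected by "Trojan-Downloader.Win32.Agent.ig" Virus. Action Taken
Scanning drive C:
File c:\windows\SSSASASB32.EXE infected by "Trojan-Downloader.Win32.Agent.ig" Virus. Action Taken
File C:\Documents and Settings\Name\Local Settings\Application Data\Wildtangent\0F.dat tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.
=>Total Number of Files Scanned: 48211
=>Total Number of Virus(es) Found: 2
***** Scanning complete. *****
'''

def extract_findings(log_text):
    """Return (findings, totals) for the lines STEP 5 and STEP 7 ask for."""
    findings, totals, seen = [], {}, set()
    for line in log_text.splitlines():
        hit, kind = INFECTED.search(line), "infected"
        if not hit:
            hit, kind = TAGGED.search(line), "tagged"
        if hit:
            # Windows paths are case-insensitive: report each file/detection once.
            key = (hit["path"].lower(), hit["name"])
            if key not in seen:
                seen.add(key)
                findings.append({"kind": kind, "path": hit["path"], "name": hit["name"],
                                 "action": hit["action"].strip().rstrip(".")})
            continue
        total = TOTAL.search(line)
        if total:
            totals[total["label"].strip()] = int(total["value"])
    return findings, totals

if __name__ == "__main__":
    found, totals = extract_findings(SAMPLE_LOG)
    for f in found:
        print(f'{f["kind"]:9} {f["name"]:40} {f["path"]} ({f["action"]})')
    for label, value in totals.items():
        print(f"=>{label}: {value}")
```

Lines marked "No Action Taken" are the ones the NOTE in STEP 1 refers to: eScan reported them but left the file in place.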
