HSA / HJT log for review - cowboyssix
cowboyssix
4 Dec 2004, 12:10am
Help! Home Search Assistant is alive & well. I use Windows ME. I've run both spybot & adaware. It appears that this stuff is eating up memory space.
Please help.
cowboyssix
Buckeye_Sam
5 Dec 2004, 10:45pm
If you still need help for this problem, please post a new HijackThis log. Please post it into the message, not as an attachment.
cowboyssix
6 Dec 2004, 6:24pm
Buckeye_Sam,
Thank you for the response. I don't know what's going on with my Notepad. When I open the HJT folder it will display for a couple of seconds before it disappears. It won't stay open long enough to cut & paste. What should I do?
cowboyssix
SpywareShooter
7 Dec 2004, 12:07am
Some versions of CWS (a previous version of HSA) try to stop spyware removing programs from running, and some types of spyware overwrite Notepad. Post the log as an attachment for now and hopefully we can get Notepad working.
cowboyssix
7 Dec 2004, 4:55pm
SpywareShooter,
Thank you for your response. Please see attached HJT log. Again I am experiencing problems with my notepad. Sorry for the inconvenience.
Logfile of HijackThis v1.98.2
Scan saved at 9:36:35 AM, on 12/7/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCPFW.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMPROXY.EXE
C:\WINDOWS\SYSTEM\MSSS.EXE
C:\WINDOWS\NTYK.EXE
C:\WINDOWS\IPOZ32.EXE
C:\WINDOWS\MSWZ.EXE
C:\WINDOWS\APPJX32.EXE
C:\WINDOWS\CRVF32.EXE
C:\WINDOWS\WINRK32.EXE
C:\WINDOWS\MSLM.EXE
C:\WINDOWS\D3UZ32.EXE
C:\WINDOWS\SYSTEM\ADDPJ.EXE
C:\WINDOWS\IPIY.EXE
C:\WINDOWS\SYSTEM\SYSUM32.EXE
C:\WINDOWS\ATLXZ32.EXE
C:\WINDOWS\SYSTEM\IPFS.EXE
C:\WINDOWS\SYSTEM\IPWL32.EXE
C:\WINDOWS\APIQI32.EXE
C:\WINDOWS\MSHY32.EXE
C:\WINDOWS\SYSTEM\SDKZE32.EXE
C:\WINDOWS\NTJY32.EXE
C:\WINDOWS\SYSTEM\NETUK.EXE
C:\WINDOWS\CRWP.EXE
C:\WINDOWS\MSAK32.EXE
C:\WINDOWS\SYSTEM\WINNT.EXE
C:\WINDOWS\SYSTEM\SDKYG.EXE
C:\WINDOWS\ATLNR.EXE
C:\WINDOWS\SYSTEM\ADDMV.EXE
C:\WINDOWS\SYSUK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\JAVAQM32.EXE
C:\WINDOWS\SYSTEM\IPUG32.EXE
C:\WINDOWS\SYSTEM\IEOW32.EXE
C:\WINDOWS\SYSTEM\APIXC.EXE
C:\WINDOWS\NTGC.EXE
C:\WINDOWS\NTHV.EXE
C:\WINDOWS\ATLMZ.EXE
C:\WINDOWS\SYSTEM\APPZD32.EXE
C:\WINDOWS\SDKOO.EXE
C:\WINDOWS\ATLDY.EXE
C:\WINDOWS\SDKXA.EXE
C:\WINDOWS\SYSTEM\APPBN.EXE
C:\WINDOWS\WINPF32.EXE
C:\WINDOWS\ADDWI32.EXE
C:\WINDOWS\NETUO32.EXE
C:\WINDOWS\SYSTEM\JAVAOU.EXE
C:\WINDOWS\WINYD.EXE
C:\WINDOWS\SYSTEM\ADDKL32.EXE
C:\WINDOWS\MFCTW.EXE
C:\WINDOWS\NTVF.EXE
C:\WINDOWS\SYSTEM\MSEC.EXE
C:\WINDOWS\SYSTEM\WINEF32.EXE
C:\WINDOWS\SYSTEM\SDKFT.EXE
C:\WINDOWS\SYSTEM\ADDFZ32.EXE
C:\WINDOWS\SYSTEM\ADDAC32.EXE
C:\WINDOWS\SYSTEM\MSYH.EXE
C:\WINDOWS\SYSTEM\NTKM32.EXE
C:\WINDOWS\SYSTEM\MFCJU32.EXE
C:\WINDOWS\IPRY32.EXE
C:\WINDOWS\SYSTP.EXE
C:\WINDOWS\SYSTEM\IPGD32.EXE
C:\WINDOWS\SYSTEM\MSEG.EXE
C:\WINDOWS\NTGB.EXE
C:\WINDOWS\SYSTEM\ADDOP32.EXE
C:\WINDOWS\SYSTEM\JAVABD32.EXE
C:\WINDOWS\SDKPU32.EXE
C:\WINDOWS\D3VE32.EXE
C:\WINDOWS\SYSTEM\IESQ32.EXE
C:\WINDOWS\MFCBB.EXE
C:\WINDOWS\SYSTEM\NETXT.EXE
C:\WINDOWS\SYSTEM\ADDSU32.EXE
C:\WINDOWS\SYSTEM\APIZD32.EXE
C:\WINDOWS\SYSTEM\APIQH.EXE
C:\WINDOWS\MSFM.EXE
C:\WINDOWS\MSJP.EXE
C:\WINDOWS\SYSTEM\SYSRS.EXE
C:\WINDOWS\SYSTEM\JAVAQY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMOAGENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SOFTWARE\SOFTWARE.EXE
C:\WINDOWS\SYSTEM\D3TU.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\IPOZ32.EXE
C:\WINDOWS\SYSTEM\APIQH.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TSC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tbjuw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tbjuw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tbjuw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tbjuw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tbjuw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tbjuw.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tbjuw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {BA402C19-ABBE-D766-2E8F-97AC50E58957} - C:\WINDOWS\IEPB32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Software] C:\WINDOWS\SYSTEM\SOFTWARE\SOFTWARE.EXE
O4 - HKLM\..\Run: [D3TU.EXE] C:\WINDOWS\SYSTEM\D3TU.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PccPfw] C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O4 - HKLM\..\RunServices: [IPIY.EXE] C:\WINDOWS\IPIY.EXE
O4 - HKLM\..\RunServices: [APPJX32.EXE] C:\WINDOWS\APPJX32.EXE
O4 - HKLM\..\RunServices: [IPOZ32.EXE] C:\WINDOWS\IPOZ32.EXE
O4 - HKLM\..\RunServices: [SYSUM32.EXE] C:\WINDOWS\SYSTEM\SYSUM32.EXE
O4 - HKLM\..\RunServices: [MSSS.EXE] C:\WINDOWS\SYSTEM\MSSS.EXE
O4 - HKLM\..\RunServices: [NTYK.EXE] C:\WINDOWS\NTYK.EXE
O4 - HKLM\..\RunServices: [WINRK32.EXE] C:\WINDOWS\WINRK32.EXE
O4 - HKLM\..\RunServices: [ATLXZ32.EXE] C:\WINDOWS\ATLXZ32.EXE
O4 - HKLM\..\RunServices: [MSWZ.EXE] C:\WINDOWS\MSWZ.EXE
O4 - HKLM\..\RunServices: [MSLM.EXE] C:\WINDOWS\MSLM.EXE
O4 - HKLM\..\RunServices: [ADDPJ.EXE] C:\WINDOWS\SYSTEM\ADDPJ.EXE
O4 - HKLM\..\RunServices: [IPFS.EXE] C:\WINDOWS\SYSTEM\IPFS.EXE
O4 - HKLM\..\RunServices: [NETUK.EXE] C:\WINDOWS\SYSTEM\NETUK.EXE
O4 - HKLM\..\RunServices: [CRVF32.EXE] C:\WINDOWS\CRVF32.EXE
O4 - HKLM\..\RunServices: [D3UZ32.EXE] C:\WINDOWS\D3UZ32.EXE
O4 - HKLM\..\RunServices: [APIQI32.EXE] C:\WINDOWS\APIQI32.EXE
O4 - HKLM\..\RunServices: [MSAK32.EXE] C:\WINDOWS\MSAK32.EXE
O4 - HKLM\..\RunServices: [NTJY32.EXE] C:\WINDOWS\NTJY32.EXE
O4 - HKLM\..\RunServices: [ATLNR.EXE] C:\WINDOWS\ATLNR.EXE
O4 - HKLM\..\RunServices: [SDKZE32.EXE] C:\WINDOWS\SYSTEM\SDKZE32.EXE
O4 - HKLM\..\RunServices: [IPWL32.EXE] C:\WINDOWS\SYSTEM\IPWL32.EXE
O4 - HKLM\..\RunServices: [MSHY32.EXE] C:\WINDOWS\MSHY32.EXE
O4 - HKLM\..\RunServices: [CRWP.EXE] C:\WINDOWS\CRWP.EXE
O4 - HKLM\..\RunServices: [WINNT.EXE] C:\WINDOWS\SYSTEM\WINNT.EXE
O4 - HKLM\..\RunServices: [JAVAQM32.EXE] C:\WINDOWS\SYSTEM\JAVAQM32.EXE
O4 - HKLM\..\RunServices: [SDKYG.EXE] C:\WINDOWS\SYSTEM\SDKYG.EXE
O4 - HKLM\..\RunServices: [ADDMV.EXE] C:\WINDOWS\SYSTEM\ADDMV.EXE
O4 - HKLM\..\RunServices: [SYSUK.EXE] C:\WINDOWS\SYSUK.EXE
O4 - HKLM\..\RunServices: [APIXC.EXE] C:\WINDOWS\SYSTEM\APIXC.EXE
O4 - HKLM\..\RunServices: [IEOW32.EXE] C:\WINDOWS\SYSTEM\IEOW32.EXE
O4 - HKLM\..\RunServices: [NTHV.EXE] C:\WINDOWS\NTHV.EXE
O4 - HKLM\..\RunServices: [IPUG32.EXE] C:\WINDOWS\SYSTEM\IPUG32.EXE
O4 - HKLM\..\RunServices: [APPZD32.EXE] C:\WINDOWS\SYSTEM\APPZD32.EXE
O4 - HKLM\..\RunServices: [ATLMZ.EXE] C:\WINDOWS\ATLMZ.EXE
O4 - HKLM\..\RunServices: [ATLDY.EXE] C:\WINDOWS\ATLDY.EXE
O4 - HKLM\..\RunServices: [NTGC.EXE] C:\WINDOWS\NTGC.EXE
O4 - HKLM\..\RunServices: [ADDWI32.EXE] C:\WINDOWS\ADDWI32.EXE
O4 - HKLM\..\RunServices: [APPBN.EXE] C:\WINDOWS\SYSTEM\APPBN.EXE
O4 - HKLM\..\RunServices: [WINYD.EXE] C:\WINDOWS\WINYD.EXE
O4 - HKLM\..\RunServices: [WINPF32.EXE] C:\WINDOWS\WINPF32.EXE
O4 - HKLM\..\RunServices: [SDKXA.EXE] C:\WINDOWS\SDKXA.EXE
O4 - HKLM\..\RunServices: [JAVAOU.EXE] C:\WINDOWS\SYSTEM\JAVAOU.EXE
O4 - HKLM\..\RunServices: [SDKOO.EXE] C:\WINDOWS\SDKOO.EXE
O4 - HKLM\..\RunServices: [ADDKL32.EXE] C:\WINDOWS\SYSTEM\ADDKL32.EXE
O4 - HKLM\..\RunServices: [NTVF.EXE] C:\WINDOWS\NTVF.EXE
O4 - HKLM\..\RunServices: [NETUO32.EXE] C:\WINDOWS\NETUO32.EXE
O4 - HKLM\..\RunServices: [MFCTW.EXE] C:\WINDOWS\MFCTW.EXE
O4 - HKLM\..\RunServices: [MSEC.EXE] C:\WINDOWS\SYSTEM\MSEC.EXE
O4 - HKLM\..\RunServices: [WINEF32.EXE] C:\WINDOWS\SYSTEM\WINEF32.EXE
O4 - HKLM\..\RunServices: [SDKFT.EXE] C:\WINDOWS\SYSTEM\SDKFT.EXE
O4 - HKLM\..\RunServices: [ADDAC32.EXE] C:\WINDOWS\SYSTEM\ADDAC32.EXE
O4 - HKLM\..\RunServices: [ADDFZ32.EXE] C:\WINDOWS\SYSTEM\ADDFZ32.EXE
O4 - HKLM\..\RunServices: [NTKM32.EXE] C:\WINDOWS\SYSTEM\NTKM32.EXE
O4 - HKLM\..\RunServices: [MSYH.EXE] C:\WINDOWS\SYSTEM\MSYH.EXE
O4 - HKLM\..\RunServices: [MFCJU32.EXE] C:\WINDOWS\SYSTEM\MFCJU32.EXE
O4 - HKLM\..\RunServices: [IPRY32.EXE] C:\WINDOWS\IPRY32.EXE
O4 - HKLM\..\RunServices: [SYSTP.EXE] C:\WINDOWS\SYSTP.EXE
O4 - HKLM\..\RunServices: [IPGD32.EXE] C:\WINDOWS\SYSTEM\IPGD32.EXE
O4 - HKLM\..\RunServices: [MSEG.EXE] C:\WINDOWS\SYSTEM\MSEG.EXE
O4 - HKLM\..\RunServices: [NTGB.EXE] C:\WINDOWS\NTGB.EXE
O4 - HKLM\..\RunServices: [ADDOP32.EXE] C:\WINDOWS\SYSTEM\ADDOP32.EXE
O4 - HKLM\..\RunServices: [JAVABD32.EXE] C:\WINDOWS\SYSTEM\JAVABD32.EXE
O4 - HKLM\..\RunServices: [SDKPU32.EXE] C:\WINDOWS\SDKPU32.EXE
O4 - HKLM\..\RunServices: [IESQ32.EXE] C:\WINDOWS\SYSTEM\IESQ32.EXE
O4 - HKLM\..\RunServices: [D3VE32.EXE] C:\WINDOWS\D3VE32.EXE
O4 - HKLM\..\RunServices: [MFCBB.EXE] C:\WINDOWS\MFCBB.EXE
O4 - HKLM\..\RunServices: [NETXT.EXE] C:\WINDOWS\SYSTEM\NETXT.EXE
O4 - HKLM\..\RunServices: [ADDSU32.EXE] C:\WINDOWS\SYSTEM\ADDSU32.EXE
O4 - HKLM\..\RunServices: [APIZD32.EXE] C:\WINDOWS\SYSTEM\APIZD32.EXE
O4 - HKLM\..\RunServices: [APIQH.EXE] C:\WINDOWS\SYSTEM\APIQH.EXE
O4 - HKLM\..\RunServices: [MSFM.EXE] C:\WINDOWS\MSFM.EXE
O4 - HKLM\..\RunServices: [MSJP.EXE] C:\WINDOWS\MSJP.EXE
O4 - HKLM\..\RunServices: [SYSRS.EXE] C:\WINDOWS\SYSTEM\SYSRS.EXE
O4 - HKLM\..\RunServices: [JAVAQY.EXE] C:\WINDOWS\SYSTEM\JAVAQY.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.finefind.net
Hi cowboyssox. I've opened your HJT and posted your log for you. :)
cowboyssix
7 Dec 2004, 5:45pm
Trogan-1000
Thank you so much for opening my HJT log. I was experiencing problems with notepad. Please review my HJT log in the previous post of this thread and advise.
Thank you, cowboyssix
SpywareShooter
7 Dec 2004, 9:48pm
Wow, this is another very bad infection. Be glad it was only your notepad that doesn't work.
O4 - HKLM\..\RunServices: [IPIY.EXE] C:\WINDOWS\IPIY.EXE
O4 - HKLM\..\RunServices: [APPJX32.EXE] C:\WINDOWS\APPJX32.EXE
O4 - HKLM\..\RunServices: [IPOZ32.EXE] C:\WINDOWS\IPOZ32.EXE
O4 - HKLM\..\RunServices: [SYSUM32.EXE] C:\WINDOWS\SYSTEM\SYSUM32.EXE
O4 - HKLM\..\RunServices: [MSSS.EXE] C:\WINDOWS\SYSTEM\MSSS.EXE
O4 - HKLM\..\RunServices: [NTYK.EXE] C:\WINDOWS\NTYK.EXE
O4 - HKLM\..\RunServices: [WINRK32.EXE] C:\WINDOWS\WINRK32.EXE
O4 - HKLM\..\RunServices: [ATLXZ32.EXE] C:\WINDOWS\ATLXZ32.EXE
O4 - HKLM\..\RunServices: [MSWZ.EXE] C:\WINDOWS\MSWZ.EXE
O4 - HKLM\..\RunServices: [MSLM.EXE] C:\WINDOWS\MSLM.EXE
O4 - HKLM\..\RunServices: [ADDPJ.EXE] C:\WINDOWS\SYSTEM\ADDPJ.EXE
O4 - HKLM\..\RunServices: [IPFS.EXE] C:\WINDOWS\SYSTEM\IPFS.EXE
O4 - HKLM\..\RunServices: [NETUK.EXE] C:\WINDOWS\SYSTEM\NETUK.EXE
O4 - HKLM\..\RunServices: [CRVF32.EXE] C:\WINDOWS\CRVF32.EXE
O4 - HKLM\..\RunServices: [D3UZ32.EXE] C:\WINDOWS\D3UZ32.EXE
O4 - HKLM\..\RunServices: [APIQI32.EXE] C:\WINDOWS\APIQI32.EXE
O4 - HKLM\..\RunServices: [MSAK32.EXE] C:\WINDOWS\MSAK32.EXE
O4 - HKLM\..\RunServices: [NTJY32.EXE] C:\WINDOWS\NTJY32.EXE
O4 - HKLM\..\RunServices: [ATLNR.EXE] C:\WINDOWS\ATLNR.EXE
O4 - HKLM\..\RunServices: [SDKZE32.EXE] C:\WINDOWS\SYSTEM\SDKZE32.EXE
O4 - HKLM\..\RunServices: [IPWL32.EXE] C:\WINDOWS\SYSTEM\IPWL32.EXE
O4 - HKLM\..\RunServices: [MSHY32.EXE] C:\WINDOWS\MSHY32.EXE
O4 - HKLM\..\RunServices: [CRWP.EXE] C:\WINDOWS\CRWP.EXE
O4 - HKLM\..\RunServices: [WINNT.EXE] C:\WINDOWS\SYSTEM\WINNT.EXE
O4 - HKLM\..\RunServices: [JAVAQM32.EXE] C:\WINDOWS\SYSTEM\JAVAQM32.EXE
O4 - HKLM\..\RunServices: [SDKYG.EXE] C:\WINDOWS\SYSTEM\SDKYG.EXE
O4 - HKLM\..\RunServices: [ADDMV.EXE] C:\WINDOWS\SYSTEM\ADDMV.EXE
O4 - HKLM\..\RunServices: [SYSUK.EXE] C:\WINDOWS\SYSUK.EXE
O4 - HKLM\..\RunServices: [APIXC.EXE] C:\WINDOWS\SYSTEM\APIXC.EXE
O4 - HKLM\..\RunServices: [IEOW32.EXE] C:\WINDOWS\SYSTEM\IEOW32.EXE
O4 - HKLM\..\RunServices: [NTHV.EXE] C:\WINDOWS\NTHV.EXE
O4 - HKLM\..\RunServices: [IPUG32.EXE] C:\WINDOWS\SYSTEM\IPUG32.EXE
O4 - HKLM\..\RunServices: [APPZD32.EXE] C:\WINDOWS\SYSTEM\APPZD32.EXE
O4 - HKLM\..\RunServices: [ATLMZ.EXE] C:\WINDOWS\ATLMZ.EXE
O4 - HKLM\..\RunServices: [ATLDY.EXE] C:\WINDOWS\ATLDY.EXE
O4 - HKLM\..\RunServices: [NTGC.EXE] C:\WINDOWS\NTGC.EXE
O4 - HKLM\..\RunServices: [ADDWI32.EXE] C:\WINDOWS\ADDWI32.EXE
O4 - HKLM\..\RunServices: [APPBN.EXE] C:\WINDOWS\SYSTEM\APPBN.EXE
O4 - HKLM\..\RunServices: [WINYD.EXE] C:\WINDOWS\WINYD.EXE
O4 - HKLM\..\RunServices: [WINPF32.EXE] C:\WINDOWS\WINPF32.EXE
O4 - HKLM\..\RunServices: [SDKXA.EXE] C:\WINDOWS\SDKXA.EXE
O4 - HKLM\..\RunServices: [JAVAOU.EXE] C:\WINDOWS\SYSTEM\JAVAOU.EXE
O4 - HKLM\..\RunServices: [SDKOO.EXE] C:\WINDOWS\SDKOO.EXE
O4 - HKLM\..\RunServices: [ADDKL32.EXE] C:\WINDOWS\SYSTEM\ADDKL32.EXE
O4 - HKLM\..\RunServices: [NTVF.EXE] C:\WINDOWS\NTVF.EXE
O4 - HKLM\..\RunServices: [NETUO32.EXE] C:\WINDOWS\NETUO32.EXE
O4 - HKLM\..\RunServices: [MFCTW.EXE] C:\WINDOWS\MFCTW.EXE
O4 - HKLM\..\RunServices: [MSEC.EXE] C:\WINDOWS\SYSTEM\MSEC.EXE
O4 - HKLM\..\RunServices: [WINEF32.EXE] C:\WINDOWS\SYSTEM\WINEF32.EXE
O4 - HKLM\..\RunServices: [SDKFT.EXE] C:\WINDOWS\SYSTEM\SDKFT.EXE
O4 - HKLM\..\RunServices: [ADDAC32.EXE] C:\WINDOWS\SYSTEM\ADDAC32.EXE
O4 - HKLM\..\RunServices: [ADDFZ32.EXE] C:\WINDOWS\SYSTEM\ADDFZ32.EXE
O4 - HKLM\..\RunServices: [NTKM32.EXE] C:\WINDOWS\SYSTEM\NTKM32.EXE
O4 - HKLM\..\RunServices: [MSYH.EXE] C:\WINDOWS\SYSTEM\MSYH.EXE
O4 - HKLM\..\RunServices: [MFCJU32.EXE] C:\WINDOWS\SYSTEM\MFCJU32.EXE
O4 - HKLM\..\RunServices: [IPRY32.EXE] C:\WINDOWS\IPRY32.EXE
O4 - HKLM\..\RunServices: [SYSTP.EXE] C:\WINDOWS\SYSTP.EXE
O4 - HKLM\..\RunServices: [IPGD32.EXE] C:\WINDOWS\SYSTEM\IPGD32.EXE
O4 - HKLM\..\RunServices: [MSEG.EXE] C:\WINDOWS\SYSTEM\MSEG.EXE
O4 - HKLM\..\RunServices: [NTGB.EXE] C:\WINDOWS\NTGB.EXE
O4 - HKLM\..\RunServices: [ADDOP32.EXE] C:\WINDOWS\SYSTEM\ADDOP32.EXE
O4 - HKLM\..\RunServices: [JAVABD32.EXE] C:\WINDOWS\SYSTEM\JAVABD32.EXE
O4 - HKLM\..\RunServices: [SDKPU32.EXE] C:\WINDOWS\SDKPU32.EXE
O4 - HKLM\..\RunServices: [IESQ32.EXE] C:\WINDOWS\SYSTEM\IESQ32.EXE
O4 - HKLM\..\RunServices: [D3VE32.EXE] C:\WINDOWS\D3VE32.EXE
O4 - HKLM\..\RunServices: [MFCBB.EXE] C:\WINDOWS\MFCBB.EXE
O4 - HKLM\..\RunServices: [NETXT.EXE] C:\WINDOWS\SYSTEM\NETXT.EXE
O4 - HKLM\..\RunServices: [ADDSU32.EXE] C:\WINDOWS\SYSTEM\ADDSU32.EXE
O4 - HKLM\..\RunServices: [APIZD32.EXE] C:\WINDOWS\SYSTEM\APIZD32.EXE
O4 - HKLM\..\RunServices: [APIQH.EXE] C:\WINDOWS\SYSTEM\APIQH.EXE
O4 - HKLM\..\RunServices: [MSFM.EXE] C:\WINDOWS\MSFM.EXE
O4 - HKLM\..\RunServices: [MSJP.EXE] C:\WINDOWS\MSJP.EXE
O4 - HKLM\..\RunServices: [SYSRS.EXE] C:\WINDOWS\SYSTEM\SYSRS.EXE
O4 - HKLM\..\RunServices: [JAVAQY.EXE] C:\WINDOWS\SYSTEM\JAVAQY.EXE
For starters, fix those entries then find and delete the files I listed above. Once you've done that, pull the plug on your computer and post a new log.
Also, do not reboot normally or use Internet Explorer (use Firefox instead) until I say your log is okay.
I also just got a few more sites to add to Spyware Shooter thanks to this log. A great step in the fight against HSA :)
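An added example, not part of the original thread and not SpywareShooter's own method: a small triage script that pulls out of a HijackThis log the kind of RunServices entries listed in the reply above. The rule it applies (value name identical to the file name, file sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM) is an assumption drawn only from this log, not a general malware test, and the names `triage`, `executable` and `SAMPLE_LOG` are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of O4 lines copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [IPIY.EXE] C:\WINDOWS\IPIY.EXE
O4 - HKLM\..\RunServices: [SYSUM32.EXE] C:\WINDOWS\SYSTEM\SYSUM32.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
"""

# "O4 - HKLM\..\RunServices: [value name] command line"
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable part of a command line: quoted path, or unquoted text up to the
# first executable extension (unquoted paths in the log may contain spaces).
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat))(?=\s|$)', re.I)

# Assumption taken from this log: flagged files sit directly in these folders.
SUSPECT_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}


def executable(cmd):
    """Return the executable path of an autostart command line, or None."""
    m = EXE.match(cmd.strip())
    return PureWindowsPath(m.group(1) or m.group(2)) if m else None


def triage(log_text):
    """Return (value name, path) for RunServices entries matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if not m or m["key"].lower() != "runservices":
            continue
        path = executable(m["cmd"])
        if path is None:
            continue
        same_name = m["name"].lower() == path.name.lower()
        in_windows = str(path.parent).upper() in SUSPECT_DIRS
        if same_name and in_windows:
            hits.append((m["name"], str(path)))
    return hits


if __name__ == "__main__":
    for name, path in triage(SAMPLE_LOG):
        print(f"review: [{name}] {path}")
```

The key filter is limited to RunServices because that is what the reply lists; a hit means "look at this entry", and each file should still be checked before anything is fixed or deleted.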