Options

hsa and a corrupt notepad

Unknown
edited August 2004 in Spyware & Virus Removal
Thanks to everyone for reading my post. I'm having problems removing hsa primarily because something on my system is making notepad behave erratically, specifically, it spontaneously closes on me, making any sort of analysis of my hjt log difficult.

Here is my log file, and thanks again:

Logfile of HijackThis v1.98.2
Scan saved at 2:17:14 PM, on 8/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MFCRU32.EXE
C:\WINDOWS\SYSLP.EXE
C:\WINDOWS\MFCCI.EXE
C:\WINDOWS\MSDF32.EXE
C:\WINDOWS\SYSTEM\IEJB32.EXE
C:\WINDOWS\SYSTEM\D3IY32.EXE
C:\WINDOWS\ZQRNMB.DAT
C:\WINDOWS\SYSTEM\IPUO32.EXE
C:\WINDOWS\SYSTEM\CRGT.EXE
C:\WINDOWS\D3OI32.EXE
C:\WINDOWS\SYSTEM\ATLPH.EXE
C:\WINDOWS\SYSTEM\SYSUB32.EXE
C:\WINDOWS\IEQA.EXE
C:\WINDOWS\SYSTEM\CRBQ.EXE
C:\WINDOWS\CROH32.EXE
C:\WINDOWS\JAVAJE.EXE
C:\WINDOWS\SYSTEM\SYSON.EXE
C:\WINDOWS\SDKOV32.EXE
C:\WINDOWS\SYSTEM\JAVAUK32.EXE
C:\WINDOWS\SYSTEM\SDKPJ.EXE
C:\WINDOWS\SYSTEM\NETNS32.EXE
C:\WINDOWS\SYSTEM\IEKJ32.EXE
C:\WINDOWS\SYSTEM\SYSWU.EXE
C:\WINDOWS\CRVO32.EXE
C:\WINDOWS\SYSTEM\MFCMX32.EXE
C:\WINDOWS\SYSTEM\MFCNX32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\MFCLH32.EXE
C:\WINDOWS\SYSTEM\ADDFJ32.EXE
C:\WINDOWS\SYSTEM\NETWN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\IESR.EXE
C:\WINDOWS\SYSTEM\E_S4I2G1.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\MSDF32.EXE
C:\WINDOWS\D3OI32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fjubi.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fjubi.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fjubi.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fjubi.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fjubi.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fjubi.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fjubi.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {22B1EC47-1EAB-B7A8-630D-99F8D36BEB48} - C:\WINDOWS\WINQG32.DLL
O2 - BHO: Class - {339789A8-B52E-F9CD-F325-F7B792BF8039} - C:\WINDOWS\SYSTEM\NTLQ.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\SYSTEM\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [IESR.EXE] C:\WINDOWS\SYSTEM\IESR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSDF32.EXE] C:\WINDOWS\MSDF32.EXE
O4 - HKLM\..\RunServices: [MFCCI.EXE] C:\WINDOWS\MFCCI.EXE
O4 - HKLM\..\RunServices: [D3OI32.EXE] C:\WINDOWS\D3OI32.EXE
O4 - HKLM\..\RunServices: [ZQRNMB.DAT] C:\WINDOWS\ZQRNMB.DAT
O4 - HKLM\..\RunServices: [SYSLP.EXE] C:\WINDOWS\SYSLP.EXE
O4 - HKLM\..\RunServices: [MFCRU32.EXE] C:\WINDOWS\SYSTEM\MFCRU32.EXE
O4 - HKLM\..\RunServices: [IEJB32.EXE] C:\WINDOWS\SYSTEM\IEJB32.EXE
O4 - HKLM\..\RunServices: [IPUO32.EXE] C:\WINDOWS\SYSTEM\IPUO32.EXE
O4 - HKLM\..\RunServices: [CROH32.EXE] C:\WINDOWS\CROH32.EXE
O4 - HKLM\..\RunServices: [D3IY32.EXE] C:\WINDOWS\SYSTEM\D3IY32.EXE
O4 - HKLM\..\RunServices: [CRGT.EXE] C:\WINDOWS\SYSTEM\CRGT.EXE
O4 - HKLM\..\RunServices: [CRBQ.EXE] C:\WINDOWS\SYSTEM\CRBQ.EXE
O4 - HKLM\..\RunServices: [ATLPH.EXE] C:\WINDOWS\SYSTEM\ATLPH.EXE
O4 - HKLM\..\RunServices: [SDKPJ.EXE] C:\WINDOWS\SYSTEM\SDKPJ.EXE
O4 - HKLM\..\RunServices: [SYSON.EXE] C:\WINDOWS\SYSTEM\SYSON.EXE
O4 - HKLM\..\RunServices: [SDKOV32.EXE] C:\WINDOWS\SDKOV32.EXE
O4 - HKLM\..\RunServices: [JAVAJE.EXE] C:\WINDOWS\JAVAJE.EXE
O4 - HKLM\..\RunServices: [SYSUB32.EXE] C:\WINDOWS\SYSTEM\SYSUB32.EXE
O4 - HKLM\..\RunServices: [IEQA.EXE] C:\WINDOWS\IEQA.EXE
O4 - HKLM\..\RunServices: [JAVAUK32.EXE] C:\WINDOWS\SYSTEM\JAVAUK32.EXE
O4 - HKLM\..\RunServices: [IEKJ32.EXE] C:\WINDOWS\SYSTEM\IEKJ32.EXE
O4 - HKLM\..\RunServices: [SYSWU.EXE] C:\WINDOWS\SYSTEM\SYSWU.EXE
O4 - HKLM\..\RunServices: [NETNS32.EXE] C:\WINDOWS\SYSTEM\NETNS32.EXE
O4 - HKLM\..\RunServices: [NETWN32.EXE] C:\WINDOWS\SYSTEM\NETWN32.EXE
O4 - HKLM\..\RunServices: [CRVO32.EXE] C:\WINDOWS\CRVO32.EXE
O4 - HKLM\..\RunServices: [ADDFJ32.EXE] C:\WINDOWS\SYSTEM\ADDFJ32.EXE
O4 - HKLM\..\RunServices: [MFCMX32.EXE] C:\WINDOWS\SYSTEM\MFCMX32.EXE
O4 - HKLM\..\RunServices: [MFCLH32.EXE] C:\WINDOWS\SYSTEM\MFCLH32.EXE
O4 - HKLM\..\RunServices: [MFCNX32.EXE] C:\WINDOWS\SYSTEM\MFCNX32.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\SYSTEM\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

Comments

  • SpywareShooterSpywareShooter 127.0.0.1
    edited August 2004
    Welcome to ShortMedia forums. Have you read the HSA Removal Guide?
  • DexterDexter Vancouver, BC Canada
    edited August 2004
    See post #3 in the Guide for assistance with your Notepad problem. If you have trouble with that, send me a Private message by clicking on my name next to my avatar picture, and I'll help you with it...

    Dexter...
Sign In or Register to comment.