PLEASE help.....annoying HSA

Hi all, someone please help me. I've got the HSA and can't remove it. I used Ad-Aware and SS&D; it fixed some files, but the HSA is just getting back after some time or after a restart. Please help me; no matter how much I scan and remove, it just doesn't want to go.

Here's my log:

Logfile of HijackThis v1.98.2
Scan saved at 07:45:47, on 29-Nov-04
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\sysdz.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\Program Files\Barak013\Barak013_L2TP\fts.exe
C:\WINNT\loadqm.exe
C:\WINNT\system32\ieqc32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\nnylbpb.exe
C:\Program Files\Barak013\Barak013_L2TP\FWPortal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\exohi.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\exohi.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\exohi.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\exohi.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\exohi.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\exohi.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\exohi.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {AC10B633-1740-FF8E-0139-487B79570353} - C:\WINNT\system32\winqw.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [%FP%Barak013 L2TP fts.exe] "C:\Program Files\Barak013\Barak013_L2TP\fts.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [atlif32.exe] C:\WINNT\system32\atlif32.exe
O4 - HKLM\..\Run: [netbq32.exe] C:\WINNT\system32\netbq32.exe
O4 - HKLM\..\Run: [appjr32.exe] C:\WINNT\system32\appjr32.exe
O4 - HKLM\..\Run: [atloy32.exe] C:\WINNT\system32\atloy32.exe
O4 - HKLM\..\Run: [ieqc32.exe] C:\WINNT\system32\ieqc32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\System32\nnylbpb.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O15 - Trusted Zone: *.frame.crazywinnings.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D92E985B-495B-46BE-B916-786CBE638066}: NameServer = 212.150.49.10 206.49.94.234

Comments

  • SpywareShooter 127.0.0.1
    edited November 2004
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\exohi.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\exohi.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\exohi.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\exohi.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\exohi.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\exohi.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\exohi.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {AC10B633-1740-FF8E-0139-487B79570353} - C:\WINNT\system32\winqw.dll
    O4 - HKLM\..\Run: [atlif32.exe] C:\WINNT\system32\atlif32.exe
    O4 - HKLM\..\Run: [netbq32.exe] C:\WINNT\system32\netbq32.exe
    O4 - HKLM\..\Run: [appjr32.exe] C:\WINNT\system32\appjr32.exe
    O4 - HKLM\..\Run: [atloy32.exe] C:\WINNT\system32\atloy32.exe
    O4 - HKLM\..\Run: [ieqc32.exe] C:\WINNT\system32\ieqc32.exe
    O15 - Trusted Zone: *.frame.crazywinnings.com

    Fix those entries then find and delete the following files:
    C:\WINNT\exohi.dll
    C:\WINNT\system32\winqw.dll
    C:\WINNT\system32\atlif32.exe
    C:\WINNT\system32\netbq32.exe
    C:\WINNT\system32\appjr32.exe
    C:\WINNT\system32\atloy32.exe
    C:\WINNT\system32\ieqc32.exe
    C:\WINNT\system32\sysdz.exe

    Then pull the plug on your computer and post a new log.

    Also, do not reboot normally or use Internet Explorer (use Mozilla or Firefox instead) until I say your log is okay.
  • edited November 2004
    Thanks for the help. My sister restarted the computer, but I removed some of the files you mentioned. I'll post a new log as soon as I can. Please try to answer as fast as you can. Thanks again.
  • edited November 2004
    Hi, I'm using Firefox now; here's my new log, thanks. By the way, can I use MSN Messenger?

    Logfile of HijackThis v1.98.2
    Scan saved at 14:29:03, on 30-Nov-04
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\sysdz.exe
    C:\WINNT\System32\RUNDLL32.EXE
    C:\WINNT\loadqm.exe
    C:\Program Files\Barak013\Barak013_L2TP\fts.exe
    C:\PROGRA~1\MOZILL~1\firefox.exe
    C:\Program Files\Barak013\Barak013_L2TP\FWPortal.exe
    C:\WINNT\Explorer.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\kbbks.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\kbbks.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\kbbks.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\kbbks.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\kbbks.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {B4FBCE5E-0DE0-1F85-BBEE-94F8BB59715E} - C:\WINNT\system32\crkz.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\cmd32.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [ntun32.exe] C:\WINNT\ntun32.exe
    O4 - HKLM\..\Run: [%FP%Barak013 L2TP fts.exe] "C:\Program Files\Barak013\Barak013_L2TP\fts.exe"
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D92E985B-495B-46BE-B916-786CBE638066}: NameServer = 212.150.49.10 206.49.94.234
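Added example, not part of the thread or written by any of its posters: a small Python comparison of the two HijackThis logs above, showing which registry values are still hijacked under a different DLL name, which nameless BHOs are new, and which files from the removal list are still running. The function names and the trimmed sample logs are assumptions made for this illustration; the log lines themselves are copied from the posts.

```python
import re

# Constructed sample: a few lines copied from the two HijackThis logs in this thread.
LOG_29_NOV = r"""
C:\WINNT\system32\sysdz.exe
C:\WINNT\system32\ieqc32.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\exohi.dll/sp.html#28129
O2 - BHO: (no name) - {AC10B633-1740-FF8E-0139-487B79570353} - C:\WINNT\system32\winqw.dll
"""
LOG_30_NOV = r"""
C:\WINNT\system32\sysdz.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\kbbks.dll/sp.html#28129
O2 - BHO: (no name) - {B4FBCE5E-0DE0-1F85-BBEE-94F8BB59715E} - C:\WINNT\system32\crkz.dll
"""
# Subset of the files the helper's reply asked to have deleted.
DELETE_LIST = [r"C:\WINNT\exohi.dll", r"C:\WINNT\system32\winqw.dll",
               r"C:\WINNT\system32\ieqc32.exe", r"C:\WINNT\system32\sysdz.exe"]

RES_RE = re.compile(r"^R\d - (?P<value>.+?) = res://(?P<dll>.+?\.dll)/(?P<page>\S+)$", re.I)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<dll>.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)

def parse(log):
    """Split a HijackThis log into res:// hijacks, BHOs and running processes."""
    res, bhos, procs = {}, {}, set()
    for line in (l.strip() for l in log.splitlines()):
        if m := RES_RE.match(line):
            res[m["value"]] = (m["dll"].lower(), m["page"])
        elif m := BHO_RE.match(line):
            bhos[m["clsid"]] = (m["name"], m["dll"].lower())
        elif PROC_RE.match(line):
            procs.add(line.lower())
    return res, bhos, procs

def renamed_hijacks(before, after):
    """Registry values still hijacked with the same res:// page but a different DLL."""
    old, new = parse(before)[0], parse(after)[0]
    return sorted((v, old[v][0], new[v][0]) for v in old.keys() & new.keys()
                  if old[v][1] == new[v][1] and old[v][0] != new[v][0])

def unnamed_bhos_added(before, after):
    """DLLs of nameless BHOs whose CLSID was not in the earlier log."""
    old, new = parse(before)[1], parse(after)[1]
    return sorted(dll for clsid, (name, dll) in new.items()
                  if clsid not in old and name == "(no name)")

def still_running(after, delete_list):
    """Files from the removal list that are still running in the follow-up log."""
    procs = parse(after)[2]
    return sorted(p for p in (d.lower() for d in delete_list) if p in procs)
```

On these samples the comparison reports the Search Bar value moving from exohi.dll to kbbks.dll with the same `sp.html#28129` page, a new nameless BHO at crkz.dll, and sysdz.exe still running in the 30-Nov log.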