Options

HELP! Please help me figure out how to get rid of HSA

Unknown
edited September 2005 in Spyware & Virus Removal
I've tried to get this off and think I need more help. Before I take the box up to best buy geeks perhaps someone can help me fix it? I appreciate your help! Here is my log....

Logfile of HijackThis v1.99.1
Scan saved at 11:25:05 AM, on 9/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\D3AS.EXE
C:\WINDOWS\SYSTEM\IEJW32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\SIS630_V1.05\UTILITY\SISTRAY.EXE
C:\PROGRAM FILES\SIS630_V1.05\UTILITY\3D\KHOOKER.EXE
C:\WINDOWS\SYSTEM\SKDAEMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\IPHW.EXE
C:\WINDOWS\SYSTEM\IEJW32.EXE
C:\PROGRAM FILES\WASHER\WASHER.EXE
C:\WINDOWS\D3AS.EXE
C:\PROGRAM FILES\WIRELESS\CLIENT MANAGER\CMAGS.EXE
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\NETSCAPE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\DEFAULTS\SITECONTROLS\UPDATELISTS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\sikzq.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\sikzq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\sikzq.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\sikzq.dll/sp.html#29126
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: Class - {E70E5C74-3EAE-9568-E2EF-FC41B785DAB0} - C:\WINDOWS\SYSTEM\IPHW.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\PROGRAM FILES\SIS630_V1.05\UTILITY\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\Program Files\SiS630_V1.05\utility\3d\khooker.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IPHW.EXE] C:\WINDOWS\SYSTEM\IPHW.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [IEJW32.EXE] C:\WINDOWS\SYSTEM\IEJW32.EXE
O4 - HKLM\..\RunServices: [D3AS.EXE] C:\WINDOWS\D3AS.EXE /s
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "default"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "default"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /1
O4 - HKCU\..\Run: [AIM] C:\MY DOCUMENTS\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "default"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Wireless Client Manager.lnk = C:\Program Files\Wireless\Client Manager\CMAGS.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\MY DOCUMENTS\AIM.EXE
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF3 2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\snnoyta.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = nc.rr.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 24.25.4.106,24.25.4.109,24.25.4.107

Comments

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2005
    Sorry about the crazy delay. We're working on beefing up our SWAT TEAM staff. Do you still need help with this issue?
  • piper123
    edited September 2005
    I actually do however, I picked the brains of the guys at best buy and it seems that a complete system restore is in order. The computer was given to me for my children, so she is looking for the start up disks. Ideally, I'd like to fix it but I've spent three weekends trying to figure it out and I am not sure how much patience I have with it now.

    FWIW, I don't have anything on the system I need to keep, just some software and drivers I can load and download. There aren't any photos or info. So if you have any ideas that would be great I'll check back later...thanks!
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2005
    We can fix it, no worries. Follow these instructions first, and then post a new HJT log, we'll have it fixed for you today :)
Sign In or Register to comment.