Help with HSA

Print these or save them locally to a notepad file. We are adding one more step this time. And here it is:
Disconnect physically from the internet (unplug your cable)
Now these two processes need to be killed with process explorer (watch the window and make sure no other processes like these pop up).
sdkzk32.exe
ipqh32.exe

Then have HijackThis fix these two lines:
O4 - HKLM\..\RunOnce: [sdkzk32.exe] C:\WINNT\system32\sdkzk32.exe
O4 - HKLM\..\RunOnce: [d3nv32.exe] C:\WINNT\d3nv32.exe

Then look for these files and delete them (if you see the same filenames but with a .dat or .dll extension delete them too).
C:\WINNT\system32\sdkzk32.exe
C:\WINNT\d3nv32.exe
C:\WINNT\ipqh32.exe or C:\WINNT\system32\ipqh32.exe

Then reboot to safe and do the stuff with HSremove and AboutBuster. You know the drill. And report back.

 

Also add these to the HijackThis fix step:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://youriskalka.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://youriskalka.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://youriskalka.com/index.htm

 

Yes! If you search around you will find loads of crap like this in C:\winnt,
c:\winnt\system, and c:\winnt\system32. Lots of bad .DLL, .DAT, and .EXE but you need to be careful what you remove here. Some are system files. Sometimes you can tell by just looking at the file modification dates.

 

Most likely especially with random letter and numbers for the filenames and if they are hidden that also makes them likely canidates (but not defintely we still need to be careful here). If you delete the wrong things, you can make your PC unbootable.

The longer you wait to continue this process the more likely another crapware process will be kicked off spawning more crap.

 

Only one item left. Have HijackThis fix this:
O2 - BHO: (no name) - {D223E4C5-1B9A-1963-16C9-6F7292E5F3EA} - C:\WINNT\netcf.dll

Hopefully it has not already spawned from this.

See if you can located that DLL and also look for netcf.exe and remove them.

Let me know the results. Try a few reboots. Gotta sleep now! Good luck.

 

Working on other peoples threads! But now I'm leaving! BYE!

 

Your welcome! Log looks good. The only other thing I would say to do is:

Bring up Internet Explorer, select Tools, Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

We may have done some of this already but I did not see a start page in your HJT log so I wanted to be sure.