Please Help "Home Search Assistant" problems


dalyn_webb
3 Aug 2004, 7:38am
I have been having problems with Home Search Assistant. I have downloaded Ad-aware 6.0 and Search and Destroy 1.3 along with the updates. I scanned with both programs and Norton's Anti Virus in normal start-up and safe boot. Now I am having problems booting up my computer and shutting down. It takes an extremely long time to start up, and the computer stays on the "Windows is shutting down" page when shutting down. Please help. Here is my HJT.

Logfile of HijackThis v1.98.1
Scan saved at 2:35:02 AM, on 8/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\apifq.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mspr32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vgdas.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vgdas.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vgdas.dll/index.html#37794
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ipqa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mspr32.exe] C:\WINDOWS\mspr32.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\RunOnce: [apifq.exe] C:\WINDOWS\apifq.exe
O4 - HKLM\..\RunOnce: [atlik.exe] C:\WINDOWS\atlik.exe
O4 - HKLM\..\RunOnce: [mfcpm.exe] C:\WINDOWS\system32\mfcpm.exe
O4 - HKLM\..\RunOnce: [crfy32.exe] C:\WINDOWS\system32\crfy32.exe
O4 - HKLM\..\RunOnce: [ntxz.exe] C:\WINDOWS\ntxz.exe
O4 - HKLM\..\RunOnce: [appow32.exe] C:\WINDOWS\appow32.exe
O4 - HKLM\..\RunOnce: [winna.exe] C:\WINDOWS\winna.exe
O4 - HKLM\..\RunOnce: [ipxu32.exe] C:\WINDOWS\ipxu32.exe
O4 - HKLM\..\RunOnce: [atlqs.exe] C:\WINDOWS\system32\atlqs.exe
O4 - HKLM\..\RunOnce: [ieia32.exe] C:\WINDOWS\system32\ieia32.exe
O4 - HKLM\..\RunOnce: [mfcnw.exe] C:\WINDOWS\mfcnw.exe
O4 - HKLM\..\RunOnce: [ntoa.exe] C:\WINDOWS\system32\ntoa.exe
O4 - HKLM\..\RunOnce: [mfcov.exe] C:\WINDOWS\mfcov.exe
O4 - HKLM\..\RunOnce: [appsa32.exe] C:\WINDOWS\system32\appsa32.exe
O4 - HKLM\..\RunOnce: [apiwo.exe] C:\WINDOWS\apiwo.exe
O4 - HKLM\..\RunOnce: [ipzz.exe] C:\WINDOWS\system32\ipzz.exe
O4 - HKLM\..\RunOnce: [crvp32.exe] C:\WINDOWS\crvp32.exe
O4 - HKLM\..\RunOnce: [d3et.exe] C:\WINDOWS\system32\d3et.exe
O4 - HKLM\..\RunOnce: [ntdv.exe] C:\WINDOWS\ntdv.exe
O4 - HKLM\..\RunOnce: [netaz.exe] C:\WINDOWS\system32\netaz.exe
O4 - HKLM\..\RunOnce: [d3mk32.exe] C:\WINDOWS\system32\d3mk32.exe
O4 - HKLM\..\RunOnce: [javavi.exe] C:\WINDOWS\javavi.exe
O4 - HKLM\..\RunOnce: [netnv32.exe] C:\WINDOWS\netnv32.exe
O4 - HKLM\..\RunOnce: [sdkrw.exe] C:\WINDOWS\sdkrw.exe
O4 - HKLM\..\RunOnce: [msqh.exe] C:\WINDOWS\msqh.exe
O4 - HKLM\..\RunOnce: [apivw32.exe] C:\WINDOWS\apivw32.exe
O4 - HKLM\..\RunOnce: [crwp.exe] C:\WINDOWS\system32\crwp.exe
O4 - HKLM\..\RunOnce: [atlxt.exe] C:\WINDOWS\system32\atlxt.exe
O4 - HKLM\..\RunOnce: [ippr32.exe] C:\WINDOWS\ippr32.exe
O4 - HKLM\..\RunOnce: [winfp32.exe] C:\WINDOWS\winfp32.exe
O4 - HKLM\..\RunOnce: [crug.exe] C:\WINDOWS\system32\crug.exe
O4 - HKLM\..\RunOnce: [apitl32.exe] C:\WINDOWS\system32\apitl32.exe
O4 - HKLM\..\RunOnce: [ntgh32.exe] C:\WINDOWS\ntgh32.exe
O4 - HKLM\..\RunOnce: [atlic.exe] C:\WINDOWS\system32\atlic.exe
O4 - HKLM\..\RunOnce: [iewv.exe] C:\WINDOWS\system32\iewv.exe
O4 - HKLM\..\RunOnce: [winjs32.exe] C:\WINDOWS\winjs32.exe
O4 - HKLM\..\RunOnce: [d3tw32.exe] C:\WINDOWS\d3tw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wmnrgrlg.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3612CB2-6927-4152-A0C7-71FEF6505CD9}: NameServer = 198.6.1.98 198.6.100.98

primesuspect
4 Aug 2004, 1:15am
Welcome to short-media. You came to the right place.

Get rid of the following:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vgdas.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vgdas.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vgdas.dll/index.html#37794
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ipqa.dll

O4 - HKLM\..\Run: [mspr32.exe] C:\WINDOWS\mspr32.exe

O4 - HKLM\..\RunOnce: [apifq.exe] C:\WINDOWS\apifq.exe
O4 - HKLM\..\RunOnce: [atlik.exe] C:\WINDOWS\atlik.exe
O4 - HKLM\..\RunOnce: [mfcpm.exe] C:\WINDOWS\system32\mfcpm.exe
O4 - HKLM\..\RunOnce: [crfy32.exe] C:\WINDOWS\system32\crfy32.exe
O4 - HKLM\..\RunOnce: [ntxz.exe] C:\WINDOWS\ntxz.exe
O4 - HKLM\..\RunOnce: [appow32.exe] C:\WINDOWS\appow32.exe
O4 - HKLM\..\RunOnce: [winna.exe] C:\WINDOWS\winna.exe
O4 - HKLM\..\RunOnce: [ipxu32.exe] C:\WINDOWS\ipxu32.exe
O4 - HKLM\..\RunOnce: [atlqs.exe] C:\WINDOWS\system32\atlqs.exe
O4 - HKLM\..\RunOnce: [ieia32.exe] C:\WINDOWS\system32\ieia32.exe
O4 - HKLM\..\RunOnce: [mfcnw.exe] C:\WINDOWS\mfcnw.exe
O4 - HKLM\..\RunOnce: [ntoa.exe] C:\WINDOWS\system32\ntoa.exe
O4 - HKLM\..\RunOnce: [mfcov.exe] C:\WINDOWS\mfcov.exe
O4 - HKLM\..\RunOnce: [appsa32.exe] C:\WINDOWS\system32\appsa32.exe
O4 - HKLM\..\RunOnce: [apiwo.exe] C:\WINDOWS\apiwo.exe
O4 - HKLM\..\RunOnce: [ipzz.exe] C:\WINDOWS\system32\ipzz.exe
O4 - HKLM\..\RunOnce: [crvp32.exe] C:\WINDOWS\crvp32.exe
O4 - HKLM\..\RunOnce: [d3et.exe] C:\WINDOWS\system32\d3et.exe
O4 - HKLM\..\RunOnce: [ntdv.exe] C:\WINDOWS\ntdv.exe
O4 - HKLM\..\RunOnce: [netaz.exe] C:\WINDOWS\system32\netaz.exe
O4 - HKLM\..\RunOnce: [d3mk32.exe] C:\WINDOWS\system32\d3mk32.exe
O4 - HKLM\..\RunOnce: [javavi.exe] C:\WINDOWS\javavi.exe
O4 - HKLM\..\RunOnce: [netnv32.exe] C:\WINDOWS\netnv32.exe
O4 - HKLM\..\RunOnce: [sdkrw.exe] C:\WINDOWS\sdkrw.exe
O4 - HKLM\..\RunOnce: [msqh.exe] C:\WINDOWS\msqh.exe
O4 - HKLM\..\RunOnce: [apivw32.exe] C:\WINDOWS\apivw32.exe
O4 - HKLM\..\RunOnce: [crwp.exe] C:\WINDOWS\system32\crwp.exe
O4 - HKLM\..\RunOnce: [atlxt.exe] C:\WINDOWS\system32\atlxt.exe
O4 - HKLM\..\RunOnce: [ippr32.exe] C:\WINDOWS\ippr32.exe
O4 - HKLM\..\RunOnce: [winfp32.exe] C:\WINDOWS\winfp32.exe
O4 - HKLM\..\RunOnce: [crug.exe] C:\WINDOWS\system32\crug.exe
O4 - HKLM\..\RunOnce: [apitl32.exe] C:\WINDOWS\system32\apitl32.exe
O4 - HKLM\..\RunOnce: [ntgh32.exe] C:\WINDOWS\ntgh32.exe
O4 - HKLM\..\RunOnce: [atlic.exe] C:\WINDOWS\system32\atlic.exe
O4 - HKLM\..\RunOnce: [iewv.exe] C:\WINDOWS\system32\iewv.exe
O4 - HKLM\..\RunOnce: [winjs32.exe] C:\WINDOWS\winjs32.exe
O4 - HKLM\..\RunOnce: [d3tw32.exe] C:\WINDOWS\d3tw32.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wmnrgrlg.exe

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

You've got quite a mess there. After you reboot, re-run Spybot & AdAware and then post a new log.
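
An added example, not part of primesuspect's post and not a short-media tool: a Python triage script that marks HijackThis entries sharing three traits visible in the entries flagged above (an IE page value set to a res:// URL inside a DLL, a BHO with no name, and a Run/RunOnce value named after an executable sitting directly in C:\WINDOWS or system32). The heuristics and every function name are assumptions made for illustration; the sample lines are copied from the first log in this thread.

```python
import ntpath
import re

# Sample input: lines copied from the first HijackThis v1.98.1 log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ipqa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [mspr32.exe] C:\WINDOWS\mspr32.exe
O4 - HKLM\..\RunOnce: [apifq.exe] C:\WINDOWS\apifq.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

# Assumed heuristics (inferred from the flagged entries, not a published rule set).
RES_DLL = "IE page value points at res:// inside a DLL"
BHO_NONAME = "BHO registered with no name"
RUN_SELFNAMED = "Run value named after an exe directly in the Windows directory"

R_RES_DLL = re.compile(r"^R[01] - .+? = res://.+?\.dll/", re.I)
O2_NONAME = re.compile(r"^O2 - BHO: \(no name\) - \{[0-9A-Fa-f-]+\} - .+$")
O4_RUN = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
WINDIRS = {r"c:\windows", r"c:\windows\system32"}


def run_entry_is_selfnamed(name, cmd):
    """True when the value name equals the exe file name and the exe sits
    directly in C:\\WINDOWS or C:\\WINDOWS\\system32 (case-insensitive)."""
    path = cmd.strip().strip('"')
    same_name = ntpath.basename(path).lower() == name.lower()
    return same_name and ntpath.dirname(path).lower() in WINDIRS


def triage(log_text):
    """Return (reason, line) pairs for lines matching the three heuristics.
    A line that is not returned has not been cleared; it just matched none."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if R_RES_DLL.match(line):
            findings.append((RES_DLL, line))
        elif O2_NONAME.match(line):
            findings.append((BHO_NONAME, line))
        else:
            m = O4_RUN.match(line)
            if m and run_entry_is_selfnamed(m.group("name"), m.group("cmd")):
                findings.append((RUN_SELFNAMED, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[review] {reason}\n         {line}")
```

The O8 line shows why a res:// URL alone is not the signal: the Excel context-menu entry also uses res:// but is not an IE page value pointing into a DLL.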

dalyn_webb
4 Aug 2004, 5:22am
Thanks, my computer seemed to start up faster and finally shut down. I did exactly as you said and this is my new HJT.

Logfile of HijackThis v1.98.1
Scan saved at 12:13:56 AM, on 8/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\apifq.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\mspr32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ipqa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [mspr32.exe] C:\WINDOWS\mspr32.exe
O4 - HKLM\..\RunOnce: [sysxh.exe] C:\WINDOWS\system32\sysxh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

primesuspect
4 Aug 2004, 6:48am
Nope, still infected.

Delete the following in SAFE MODE:



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ipqa.dll

O4 - HKLM\..\Run: [mspr32.exe] C:\WINDOWS\mspr32.exe
O4 - HKLM\..\RunOnce: [sysxh.exe] C:\WINDOWS\system32\sysxh.exe



I believe what you have is now being picked up by virus and trojan scanners. Make sure you update your virus definitions and then run a full system scan after rebooting.

dalyn_webb
27 Aug 2004, 4:08pm
Hi, I'm back again. I couldn't get everything straight last time, so here is my new HJT file.

Logfile of HijackThis v1.98.1
Scan saved at 10:02:05 AM, on 8/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qvuja.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmc.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ubuyw.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmc.edu
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ubuyw.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qvuja.dll/sp.html#37794
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0DD9E095-DCF5-A74E-941B-D33928908138} - C:\WINDOWS\system32\javath32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

primesuspect
27 Aug 2004, 4:44pm
You have the Home Search Assistant hijack. You need to follow our HSA Removal Guide (http://www.short-media.com/forum/showthread.php?t=18315). Removing this bugger is a very intensive process, so make SURE you follow the directions to the letter, otherwise you will be rewarded with a still-infected computer.

primesuspect
2 Sep 2004, 12:10am
So, any luck?