Options
Please Help "Home Search Assistant" problems
I have been having problem with home search assistant. I have downloaded Ad-aware 6.0 and Search and Distory 1.3 along with the updates. I scaned with both programs and Norton's Anti Virus in normal start-up and safe boot. Now I am having problems booting up my computer and shutting down. It takes an extremely long time to start up and the computer stays on the windown is shutting down page when shutting down. Please help. Here is my HJT.
Logfile of HijackThis v1.98.1
Scan saved at 2:35:02 AM, on 8/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\apifq.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mspr32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vgdas.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vgdas.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vgdas.dll/index.html#37794
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ipqa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mspr32.exe] C:\WINDOWS\mspr32.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\RunOnce: [apifq.exe] C:\WINDOWS\apifq.exe
O4 - HKLM\..\RunOnce: [atlik.exe] C:\WINDOWS\atlik.exe
O4 - HKLM\..\RunOnce: [mfcpm.exe] C:\WINDOWS\system32\mfcpm.exe
O4 - HKLM\..\RunOnce: [crfy32.exe] C:\WINDOWS\system32\crfy32.exe
O4 - HKLM\..\RunOnce: [ntxz.exe] C:\WINDOWS\ntxz.exe
O4 - HKLM\..\RunOnce: [appow32.exe] C:\WINDOWS\appow32.exe
O4 - HKLM\..\RunOnce: [winna.exe] C:\WINDOWS\winna.exe
O4 - HKLM\..\RunOnce: [ipxu32.exe] C:\WINDOWS\ipxu32.exe
O4 - HKLM\..\RunOnce: [atlqs.exe] C:\WINDOWS\system32\atlqs.exe
O4 - HKLM\..\RunOnce: [ieia32.exe] C:\WINDOWS\system32\ieia32.exe
O4 - HKLM\..\RunOnce: [mfcnw.exe] C:\WINDOWS\mfcnw.exe
O4 - HKLM\..\RunOnce: [ntoa.exe] C:\WINDOWS\system32\ntoa.exe
O4 - HKLM\..\RunOnce: [mfcov.exe] C:\WINDOWS\mfcov.exe
O4 - HKLM\..\RunOnce: [appsa32.exe] C:\WINDOWS\system32\appsa32.exe
O4 - HKLM\..\RunOnce: [apiwo.exe] C:\WINDOWS\apiwo.exe
O4 - HKLM\..\RunOnce: [ipzz.exe] C:\WINDOWS\system32\ipzz.exe
O4 - HKLM\..\RunOnce: [crvp32.exe] C:\WINDOWS\crvp32.exe
O4 - HKLM\..\RunOnce: [d3et.exe] C:\WINDOWS\system32\d3et.exe
O4 - HKLM\..\RunOnce: [ntdv.exe] C:\WINDOWS\ntdv.exe
O4 - HKLM\..\RunOnce: [netaz.exe] C:\WINDOWS\system32\netaz.exe
O4 - HKLM\..\RunOnce: [d3mk32.exe] C:\WINDOWS\system32\d3mk32.exe
O4 - HKLM\..\RunOnce: [javavi.exe] C:\WINDOWS\javavi.exe
O4 - HKLM\..\RunOnce: [netnv32.exe] C:\WINDOWS\netnv32.exe
O4 - HKLM\..\RunOnce: [sdkrw.exe] C:\WINDOWS\sdkrw.exe
O4 - HKLM\..\RunOnce: [msqh.exe] C:\WINDOWS\msqh.exe
O4 - HKLM\..\RunOnce: [apivw32.exe] C:\WINDOWS\apivw32.exe
O4 - HKLM\..\RunOnce: [crwp.exe] C:\WINDOWS\system32\crwp.exe
O4 - HKLM\..\RunOnce: [atlxt.exe] C:\WINDOWS\system32\atlxt.exe
O4 - HKLM\..\RunOnce: [ippr32.exe] C:\WINDOWS\ippr32.exe
O4 - HKLM\..\RunOnce: [winfp32.exe] C:\WINDOWS\winfp32.exe
O4 - HKLM\..\RunOnce: [crug.exe] C:\WINDOWS\system32\crug.exe
O4 - HKLM\..\RunOnce: [apitl32.exe] C:\WINDOWS\system32\apitl32.exe
O4 - HKLM\..\RunOnce: [ntgh32.exe] C:\WINDOWS\ntgh32.exe
O4 - HKLM\..\RunOnce: [atlic.exe] C:\WINDOWS\system32\atlic.exe
O4 - HKLM\..\RunOnce: [iewv.exe] C:\WINDOWS\system32\iewv.exe
O4 - HKLM\..\RunOnce: [winjs32.exe] C:\WINDOWS\winjs32.exe
O4 - HKLM\..\RunOnce: [d3tw32.exe] C:\WINDOWS\d3tw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wmnrgrlg.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3612CB2-6927-4152-A0C7-71FEF6505CD9}: NameServer = 198.6.1.98 198.6.100.98
Logfile of HijackThis v1.98.1
Scan saved at 2:35:02 AM, on 8/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\apifq.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mspr32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vgdas.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vgdas.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vgdas.dll/index.html#37794
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ipqa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mspr32.exe] C:\WINDOWS\mspr32.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\RunOnce: [apifq.exe] C:\WINDOWS\apifq.exe
O4 - HKLM\..\RunOnce: [atlik.exe] C:\WINDOWS\atlik.exe
O4 - HKLM\..\RunOnce: [mfcpm.exe] C:\WINDOWS\system32\mfcpm.exe
O4 - HKLM\..\RunOnce: [crfy32.exe] C:\WINDOWS\system32\crfy32.exe
O4 - HKLM\..\RunOnce: [ntxz.exe] C:\WINDOWS\ntxz.exe
O4 - HKLM\..\RunOnce: [appow32.exe] C:\WINDOWS\appow32.exe
O4 - HKLM\..\RunOnce: [winna.exe] C:\WINDOWS\winna.exe
O4 - HKLM\..\RunOnce: [ipxu32.exe] C:\WINDOWS\ipxu32.exe
O4 - HKLM\..\RunOnce: [atlqs.exe] C:\WINDOWS\system32\atlqs.exe
O4 - HKLM\..\RunOnce: [ieia32.exe] C:\WINDOWS\system32\ieia32.exe
O4 - HKLM\..\RunOnce: [mfcnw.exe] C:\WINDOWS\mfcnw.exe
O4 - HKLM\..\RunOnce: [ntoa.exe] C:\WINDOWS\system32\ntoa.exe
O4 - HKLM\..\RunOnce: [mfcov.exe] C:\WINDOWS\mfcov.exe
O4 - HKLM\..\RunOnce: [appsa32.exe] C:\WINDOWS\system32\appsa32.exe
O4 - HKLM\..\RunOnce: [apiwo.exe] C:\WINDOWS\apiwo.exe
O4 - HKLM\..\RunOnce: [ipzz.exe] C:\WINDOWS\system32\ipzz.exe
O4 - HKLM\..\RunOnce: [crvp32.exe] C:\WINDOWS\crvp32.exe
O4 - HKLM\..\RunOnce: [d3et.exe] C:\WINDOWS\system32\d3et.exe
O4 - HKLM\..\RunOnce: [ntdv.exe] C:\WINDOWS\ntdv.exe
O4 - HKLM\..\RunOnce: [netaz.exe] C:\WINDOWS\system32\netaz.exe
O4 - HKLM\..\RunOnce: [d3mk32.exe] C:\WINDOWS\system32\d3mk32.exe
O4 - HKLM\..\RunOnce: [javavi.exe] C:\WINDOWS\javavi.exe
O4 - HKLM\..\RunOnce: [netnv32.exe] C:\WINDOWS\netnv32.exe
O4 - HKLM\..\RunOnce: [sdkrw.exe] C:\WINDOWS\sdkrw.exe
O4 - HKLM\..\RunOnce: [msqh.exe] C:\WINDOWS\msqh.exe
O4 - HKLM\..\RunOnce: [apivw32.exe] C:\WINDOWS\apivw32.exe
O4 - HKLM\..\RunOnce: [crwp.exe] C:\WINDOWS\system32\crwp.exe
O4 - HKLM\..\RunOnce: [atlxt.exe] C:\WINDOWS\system32\atlxt.exe
O4 - HKLM\..\RunOnce: [ippr32.exe] C:\WINDOWS\ippr32.exe
O4 - HKLM\..\RunOnce: [winfp32.exe] C:\WINDOWS\winfp32.exe
O4 - HKLM\..\RunOnce: [crug.exe] C:\WINDOWS\system32\crug.exe
O4 - HKLM\..\RunOnce: [apitl32.exe] C:\WINDOWS\system32\apitl32.exe
O4 - HKLM\..\RunOnce: [ntgh32.exe] C:\WINDOWS\ntgh32.exe
O4 - HKLM\..\RunOnce: [atlic.exe] C:\WINDOWS\system32\atlic.exe
O4 - HKLM\..\RunOnce: [iewv.exe] C:\WINDOWS\system32\iewv.exe
O4 - HKLM\..\RunOnce: [winjs32.exe] C:\WINDOWS\winjs32.exe
O4 - HKLM\..\RunOnce: [d3tw32.exe] C:\WINDOWS\d3tw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wmnrgrlg.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3612CB2-6927-4152-A0C7-71FEF6505CD9}: NameServer = 198.6.1.98 198.6.100.98
0
Comments
Get rid of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vgdas.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vgdas.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vgdas.dll/index.html#37794
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ipqa.dll
O4 - HKLM\..\Run: [mspr32.exe] C:\WINDOWS\mspr32.exe
O4 - HKLM\..\RunOnce: [apifq.exe] C:\WINDOWS\apifq.exe
O4 - HKLM\..\RunOnce: [atlik.exe] C:\WINDOWS\atlik.exe
O4 - HKLM\..\RunOnce: [mfcpm.exe] C:\WINDOWS\system32\mfcpm.exe
O4 - HKLM\..\RunOnce: [crfy32.exe] C:\WINDOWS\system32\crfy32.exe
O4 - HKLM\..\RunOnce: [ntxz.exe] C:\WINDOWS\ntxz.exe
O4 - HKLM\..\RunOnce: [appow32.exe] C:\WINDOWS\appow32.exe
O4 - HKLM\..\RunOnce: [winna.exe] C:\WINDOWS\winna.exe
O4 - HKLM\..\RunOnce: [ipxu32.exe] C:\WINDOWS\ipxu32.exe
O4 - HKLM\..\RunOnce: [atlqs.exe] C:\WINDOWS\system32\atlqs.exe
O4 - HKLM\..\RunOnce: [ieia32.exe] C:\WINDOWS\system32\ieia32.exe
O4 - HKLM\..\RunOnce: [mfcnw.exe] C:\WINDOWS\mfcnw.exe
O4 - HKLM\..\RunOnce: [ntoa.exe] C:\WINDOWS\system32\ntoa.exe
O4 - HKLM\..\RunOnce: [mfcov.exe] C:\WINDOWS\mfcov.exe
O4 - HKLM\..\RunOnce: [appsa32.exe] C:\WINDOWS\system32\appsa32.exe
O4 - HKLM\..\RunOnce: [apiwo.exe] C:\WINDOWS\apiwo.exe
O4 - HKLM\..\RunOnce: [ipzz.exe] C:\WINDOWS\system32\ipzz.exe
O4 - HKLM\..\RunOnce: [crvp32.exe] C:\WINDOWS\crvp32.exe
O4 - HKLM\..\RunOnce: [d3et.exe] C:\WINDOWS\system32\d3et.exe
O4 - HKLM\..\RunOnce: [ntdv.exe] C:\WINDOWS\ntdv.exe
O4 - HKLM\..\RunOnce: [netaz.exe] C:\WINDOWS\system32\netaz.exe
O4 - HKLM\..\RunOnce: [d3mk32.exe] C:\WINDOWS\system32\d3mk32.exe
O4 - HKLM\..\RunOnce: [javavi.exe] C:\WINDOWS\javavi.exe
O4 - HKLM\..\RunOnce: [netnv32.exe] C:\WINDOWS\netnv32.exe
O4 - HKLM\..\RunOnce: [sdkrw.exe] C:\WINDOWS\sdkrw.exe
O4 - HKLM\..\RunOnce: [msqh.exe] C:\WINDOWS\msqh.exe
O4 - HKLM\..\RunOnce: [apivw32.exe] C:\WINDOWS\apivw32.exe
O4 - HKLM\..\RunOnce: [crwp.exe] C:\WINDOWS\system32\crwp.exe
O4 - HKLM\..\RunOnce: [atlxt.exe] C:\WINDOWS\system32\atlxt.exe
O4 - HKLM\..\RunOnce: [ippr32.exe] C:\WINDOWS\ippr32.exe
O4 - HKLM\..\RunOnce: [winfp32.exe] C:\WINDOWS\winfp32.exe
O4 - HKLM\..\RunOnce: [crug.exe] C:\WINDOWS\system32\crug.exe
O4 - HKLM\..\RunOnce: [apitl32.exe] C:\WINDOWS\system32\apitl32.exe
O4 - HKLM\..\RunOnce: [ntgh32.exe] C:\WINDOWS\ntgh32.exe
O4 - HKLM\..\RunOnce: [atlic.exe] C:\WINDOWS\system32\atlic.exe
O4 - HKLM\..\RunOnce: [iewv.exe] C:\WINDOWS\system32\iewv.exe
O4 - HKLM\..\RunOnce: [winjs32.exe] C:\WINDOWS\winjs32.exe
O4 - HKLM\..\RunOnce: [d3tw32.exe] C:\WINDOWS\d3tw32.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wmnrgrlg.exe
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
you've got quite a mess there. After you reboot, re-run Spybot & AdAware and then post a new log.
Logfile of HijackThis v1.98.1
Scan saved at 12:13:56 AM, on 8/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\apifq.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\mspr32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ipqa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [mspr32.exe] C:\WINDOWS\mspr32.exe
O4 - HKLM\..\RunOnce: [sysxh.exe] C:\WINDOWS\system32\sysxh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
Delete the following in SAFE MODE:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vgdas.dll/sp.html#37794
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ipqa.dll
O4 - HKLM\..\Run: [mspr32.exe] C:\WINDOWS\mspr32.exe
O4 - HKLM\..\RunOnce: [sysxh.exe] C:\WINDOWS\system32\sysxh.exe
I believe what you have is now being picked up by virus and trojan scanners. Make sure you update your virus definitions and then run a full system scan after rebooting.
Logfile of HijackThis v1.98.1
Scan saved at 10:02:05 AM, on 8/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qvuja.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmc.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ubuyw.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmc.edu
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ubuyw.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qvuja.dll/sp.html#37794
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0DD9E095-DCF5-A74E-941B-D33928908138} - C:\WINDOWS\system32\javath32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll