Antivirus Protection
 
  #1  
Old July 2nd, 2004, 05:06 PM
StupidAds
Hijacked and in need of help!

Alright so I have a computer that has obviously been hijacked. It was filled with spyware, hit by viruses, and covered in evidence of hijacking.

I took careful measures to eliminate everything. I scanned for and deleted viruses. I used AdAware and Spybot S&D to eliminate spyware. I found registry files and manually eliminated them. However, I am still having issues with Internet Explorer. First of all, the Search Assistant toolbar appears on the Taskbar each time I boot up with the option of going to some BlazeFind search engine. [Also when I boot, a window opens up to System32.] Second of all, I continuously get messages asking to re-install Search Assistant 180 (which I know not to do and is affiliated with n-Case). Furthermore, there are tons of pop-ups all the time when using IE. Finally, when doing a search like Google there are bogus search results (that go to stupid shopping sites) added before Google's results. I think this is all due to that Search Assistant 180 thing from n-Case. I tried everything from reinstalling the assistant in hopes of a clean uninstall to trying to hunt out every last file (including all those stupid registry values and .dll's). I can't get it. Please help me! Here is the logfile from Hijack This:

Logfile of HijackThis v1.98.0
Scan saved at 5:24:50 PM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\gzxmyfk.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\WINDOWS\zsfkboj.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Emily\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\ctccw.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sgqialui] C:\WINDOWS\xkncepig.exe
O4 - HKLM\..\Run: [DKQXA] C:\WINDOWS\DKQXA.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\b.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dxakqsxe] C:\WINDOWS\System32\dxakqsxe.exe
O4 - HKLM\..\Run: [icmwwwgrnrd] C:\WINDOWS\System32\gzxmyfk.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [zsfkboj] C:\WINDOWS\zsfkboj.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctccw] C:\WINDOWS\ctccw.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Emily\Application Data\DownloadPlus.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - URL

Thanks.

  #2  
Old July 3rd, 2004, 05:15 PM
Tom Myboy
Hi StupidAds,

You might want to print these instructions.

Please go to Add/Remove programs in the Control Panel and uninstall any of these programs listed:

Download Plus
IE SearchBar
Windows SA
Internet Explorer SearchBar
Windows Search Functions

Please move HijackThis to a permanent folder such as C:\HJT so it can make reliable backups of what we fix. In case something goes wrong, we can depend on them being there.

Hold down the Ctrl+Shift keys on your keyboard and tap the Esc key. This will open task manager. End the following processes, if running, by selecting it and pressing the End Process button and clicking Yes to the confirmation message:

wsaupdater.exe
xkncepig.exe
DKQXA.exe
b.exe
zzb.exe
dxakqsxe.exe
omniscient.exe
zsfkboj.exe
idctup20.exe
ctccw.exe
DownloadPlus.exe

Log off your internet connection. Close all browsers and other windows except HijackThis. Run HijackThis and place a checkmark next to the following items. Click "fix checked".

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [sgqialui] C:\WINDOWS\xkncepig.exe
O4 - HKLM\..\Run: [DKQXA] C:\WINDOWS\DKQXA.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\b.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [dxakqsxe] C:\WINDOWS\System32\dxakqsxe.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [zsfkboj] C:\WINDOWS\zsfkboj.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [ctccw] C:\WINDOWS\ctccw.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Emily\Application Data\DownloadPlus.exe

Boot into Safe Mode. Here are instructions:
http://service1.symantec.com/SUPPOR...01052409420406/

Show hidden files:
How to Show hidden files and folders.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Delete the following files:

C:\Windows\System32\wsaupdater.exe
C:\WINDOWS\xkncepig.exe
C:\WINDOWS\DKQXA.exe
C:\WINDOWS\b.exe
c:\WINDOWS\System32\zzb.exe
C:\WINDOWS\System32\dxakqsxe.exe
C:\WINDOWS\zsfkboj.exe
C:\WINDOWS\System32\idctup20.exe
C:\WINDOWS\ctccw.exe
C:\Documents and Settings\Emily\Application Data\DownloadPlus.exe


Delete the following folder:

C:\Program Files\WindowsSA\

Reboot normally and post a new log.

Tom
__________________
HijackThis
Ad-aware
Spybot Search & Destroy
SpywareBlaster
SpywareGuard
Housecall Online A/V Scan

Please read the stickys at the top of the forum before posting!
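
Added example, not part of either post and not HijackThis's own logic: a small Python triage of the F2 and O4 lines from the log above, using three assumed review heuristics (a UserInit value that launches anything other than userinit.exe, a Run entry with an empty name or a folder as its target, and a Run program placed directly in C:\WINDOWS or System32). The function names and rules are illustrative; flagged lines are candidates for manual review, not verdicts.

```python
import ntpath  # Windows path rules, whatever OS this runs on
import re

# Excerpt copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\b.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKCU\..\Run: [ctccw] C:\WINDOWS\ctccw.exe
"""

RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.+)$")
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.+)$")
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}  # assumed heuristic

def run_target(command):
    """Return the program path from a Run command line (quoted or bare)."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command

def triage(log_text):
    """Return (log line, reasons) for each entry that deserves a manual look."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        userinit = USERINIT_RE.match(line)
        if userinit:
            extra = [p.strip() for p in userinit.group(1).split(",")
                     if p.strip() and ntpath.basename(p.strip()).lower() != "userinit.exe"]
            if extra:
                reasons.append("UserInit launches " + ", ".join(extra))
        run = RUN_RE.match(line)
        if run:
            name, target = run.group(1), run_target(run.group(2))
            if not name:
                reasons.append("empty value name")
            if target.endswith("\\"):  # Explorer opens a folder target at logon
                reasons.append("target is a folder, not a program")
            elif ntpath.dirname(target).lower() in SYSTEM_DIRS:
                reasons.append("program sits directly in a Windows system folder")
        if reasons:
            findings.append((line, reasons))
    return findings
```

On this excerpt it flags the F2 line and the b.exe, empty-name, zzb.exe and ctccw.exe Run entries, all of which are in the fix list above. The folder-valued Run entry is consistent with the System32 window the first post describes opening at boot.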
