Boot in Safe Mode
Switch off System Restore
Put HijackThis in its OWN, PERMANENT directory.
Now run HJT on its own and let it 'fix':
C:\WINDOWS\ieop.exe
C:\WINDOWS\System32\tibs5.exe
C:\WINDOWS\winpl32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nvcny.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nvcny.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nvcny.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nvcny.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nvcny.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nvcny.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nvcny.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A67AC66F-E66D-B230-07D8-8163A013AE40} - C:\WINDOWS\system32\appqa32.dll
O4 - HKLM\..\Run: [3A.tmp] C:\DOCUME~1\MYBABY~1\LOCALS~1\Temp\3A.tmp.exe 1 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [winpl32.exe] C:\WINDOWS\winpl32.exe
O4 - HKLM\..\Run: [3A.tmp.exe] C:\DOCUME~1\MYBABY~1\LOCALS~1\Temp\3A.tmp.exe 1 10001
O4 - HKLM\..\Run: [D.tmp] C:\DOCUME~1\MYBABY~1\LOCALS~1\Temp\D.tmp.exe 2 28129
O4 - HKLM\..\RunOnce: [ieop.exe] C:\WINDOWS\ieop.exe
O4 - Startup: DLHelperEXE.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll
O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\Program Files\Starluck Casino\bin\IEExtension_SL.dll
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra button: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Program Files\PartyBingo\bin\IEExtension_PB.dll
O9 - Extra 'Tools' menuitem: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Program Files\PartyBingo\bin\IEExtension_PB.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
ALL lines with O16 - DPF:
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\mfcqd32.exe (file missing)
When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
Clean EVERYTHING from C:\DOCUME~1\MYBABY~1\LOCALS~1\Temp
Reboot in Safe Mode
Make a new HJT log and post it here.
You sure it was your roommate?
I would give you my secret offshore account number in the Cayman Islands, but Internal Revenue would be down on me like a ton of bricks in a jiffy!
So I'll help you out for nought.
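
An added example (not part of the original post, and not HijackThis's own code): a small Python parser for the log-line format used in the fix list above. It groups entries by section code and maps every on-disk file they reference to the sections that mention it, so each file can be checked once the entries are fixed. The function name, regexes and section descriptions are this example's assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Short descriptions (this example's wording) of the section codes in the sample.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O15": "Trusted Zone site", "O23": "NT service",
}
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Drive-letter path up to the first .exe/.dll; stops before arguments or "/sp.html".
PATH = re.compile(r"[A-Za-z]:\\[^/\[\]]*?\.(?:exe|dll)\b", re.I)

# Sample input: lines copied from the fix list in the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nvcny.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nvcny.dll/sp.html#28129
O2 - BHO: (no name) - {A67AC66F-E66D-B230-07D8-8163A013AE40} - C:\WINDOWS\system32\appqa32.dll
O4 - HKLM\..\Run: [3A.tmp] C:\DOCUME~1\MYBABY~1\LOCALS~1\Temp\3A.tmp.exe 1 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\mfcqd32.exe (file missing)
""".splitlines()


def parse_fix_list(lines):
    """Group entries by section code and map each referenced file to the
    codes that mention it (paths lower-cased: Windows paths ignore case)."""
    entries, files = defaultdict(list), defaultdict(set)
    for raw in lines:
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # blank lines, bare paths, prose
        code, body = m.groups()
        entries[code].append(body)
        for path in PATH.findall(body):
            files[path.lower()].add(code)
    return dict(entries), dict(files)


if __name__ == "__main__":
    entries, files = parse_fix_list(SAMPLE)
    for code, bodies in entries.items():
        print(f"{code} ({SECTIONS.get(code, 'other')}): {len(bodies)} entries")
    for path, codes in sorted(files.items()):
        print(f"{path}  <- {', '.join(sorted(codes))}")
```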