another hijack

please help ...need to fix puterLogfile of HijackThis v1.97.7
Scan saved at 1:15:52 AM, on 12/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\jywrzcix.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pdrummond\Desktop\desktop stuff\HijackThis.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\pdrummond\Desktop\desktop stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = start.shaw..ca/start/enca/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\pdrummond\Application Data\msfz\msfz.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\pdrummond\Application Data\msfz\netfe.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\pdrummond\Application Data\msfz\advaj32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MTZAGNT] C:\WINDOWS\MTZAGNT.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [csdfqhor] C:\WINDOWS\System32\jywrzcix.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
O4 - HKLM\..\RunOnce: [delsubmit] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\Common Files\submit.exe"
O4 - HKCU\..\RunOnce: [Updater] rundll32 C:\DOCUME~1\PDRUMM~1\APPLIC~1\msfz\msfz.dll,UpdateDll s
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - URL
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - URL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - URL
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - URL
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - URL
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - URL
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - URL
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - URL
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - URL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - URL
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - URL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - URL
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - URL
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - URL
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - URL
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - URL
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - URL
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - URL
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - URL
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - URL

Here is how to read the hijackthis logfile .
Compare it with yours .
http://homepage.ntlworld.com/dvk01uk/tutorial.htm
http://www.spywareinfo.com/~merijn/htlogtutorial.html
http://www.help2go.com/article153.html
http://hjt.wizardsofwebsites.com/
http://www.spywareinfo.com/bhos/
http://www.spychecker.com/program/bholist.html
http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
http://www.computercops.biz/postt6393.html
http://www.google.com/search?q=spyware+list
Beginners Guides: Browser Hijacking & How to Stop It
http://www.pcstats.com/articleview.cfm?articleID=1579

Hi ttom,

You have a coolwebsearch infection, among other things. Please download CWShredder from Here

Press "Check for Update" and download any new updates available.

Close ALL browser windows or it may not work! Unzip it to a convenient location such as your Desktop and select "Fix" (do not just Scan). It will automatically remove the infections.

Reboot and post a new log.

Tom