In need of some major help

My PC has gone haywire. My PC bogs down big time and IE has been hijacked. I tried fixing it through Ad-Aware and Microsoft AntiSpyware beta, and nothing came of fixing it. So I started browsing around through Google and found Short Media. :) Looking at another thread, I scanned with Panda and HijackThis. These are my logs from both of them. Sorry if the logs are long and I had to post twice. Any help would be great so I can have a nice and clean PC. Thanks again! :thumbsup:

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:03:29 PM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\apizv.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\usyqy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\usyqy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\usyqy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\usyqy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\usyqy.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\usyqy.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {9CD671F4-EDF9-74CB-0600-1C50A9A949DB} - C:\WINDOWS\crgm32.dll
O2 - BHO: Class - {FEDD0E2B-B30C-283D-DC98-B87875C2E677} - C:\WINDOWS\apioy.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [vv266dge] C:\WINDOWS\system32\vv266dge.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [apizv.exe] C:\WINDOWS\system32\apizv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\RunOnce: [javaub.exe] C:\WINDOWS\javaub.exe
O4 - HKLM\..\RunOnce: [sysbm.exe] C:\WINDOWS\sysbm.exe
O4 - HKLM\..\RunOnce: [sdkzc32.exe] C:\WINDOWS\sdkzc32.exe
O4 - HKLM\..\RunOnce: [sdkws32.exe] C:\WINDOWS\system32\sdkws32.exe
O4 - HKLM\..\RunOnce: [addig32.exe] C:\WINDOWS\addig32.exe
O4 - HKLM\..\RunOnce: [ipep.exe] C:\WINDOWS\system32\ipep.exe
O4 - HKLM\..\RunOnce: [mfcqr32.exe] C:\WINDOWS\system32\mfcqr32.exe
O4 - HKLM\..\RunOnce: [addex32.exe] C:\WINDOWS\addex32.exe
O4 - HKLM\..\RunOnce: [ipah32.exe] C:\WINDOWS\system32\ipah32.exe
O4 - HKLM\..\RunOnce: [sysus32.exe] C:\WINDOWS\sysus32.exe
O4 - HKLM\..\RunOnce: [msme32.exe] C:\WINDOWS\system32\msme32.exe
O4 - HKLM\..\RunOnce: [javazm32.exe] C:\WINDOWS\system32\javazm32.exe
O4 - HKLM\..\RunOnce: [appml32.exe] C:\WINDOWS\system32\appml32.exe
O4 - HKLM\..\RunOnce: [sdkfl.exe] C:\WINDOWS\sdkfl.exe
O4 - HKLM\..\RunOnce: [ipjn.exe] C:\WINDOWS\ipjn.exe
O4 - HKLM\..\RunOnce: [ieey32.exe] C:\WINDOWS\ieey32.exe
O4 - HKLM\..\RunOnce: [appcu.exe] C:\WINDOWS\appcu.exe
O4 - HKLM\..\RunOnce: [ievl.exe] C:\WINDOWS\ievl.exe
O4 - HKLM\..\RunOnce: [apira32.exe] C:\WINDOWS\apira32.exe
O4 - HKLM\..\RunOnce: [apifr32.exe] C:\WINDOWS\apifr32.exe
O4 - HKLM\..\RunOnce: [apppp.exe] C:\WINDOWS\apppp.exe
O4 - HKLM\..\RunOnce: [atlwf.exe] C:\WINDOWS\atlwf.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.energyfactor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/US732_150.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/es/activex_300_es.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Comments

  • SpywareShooter 127.0.0.1
    edited July 2005
    You've got a nasty variant of Home Search Assistant.

    Download and scan with About:Buster then reboot and post a new log.
    http://www.majorgeeks.com/download4289.html
  • edited July 2005
    Here is my new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:03:05 PM, on 7/13/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\SurfAccuracy\SAcc.exe
    C:\WINDOWS\system32\vv266dge.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\apizv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\usyqy.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\usyqy.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dnzxe.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\usyqy.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\usyqy.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dnzxe.dll/sp.html#14044
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [vv266dge] C:\WINDOWS\system32\vv266dge.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [apizv.exe] C:\WINDOWS\system32\apizv.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\RunOnce: [javaub.exe] C:\WINDOWS\javaub.exe
    O4 - HKLM\..\RunOnce: [sysbm.exe] C:\WINDOWS\sysbm.exe
    O4 - HKLM\..\RunOnce: [sdkzc32.exe] C:\WINDOWS\sdkzc32.exe
    O4 - HKLM\..\RunOnce: [sdkws32.exe] C:\WINDOWS\system32\sdkws32.exe
    O4 - HKLM\..\RunOnce: [addig32.exe] C:\WINDOWS\addig32.exe
    O4 - HKLM\..\RunOnce: [ipep.exe] C:\WINDOWS\system32\ipep.exe
    O4 - HKLM\..\RunOnce: [mfcqr32.exe] C:\WINDOWS\system32\mfcqr32.exe
    O4 - HKLM\..\RunOnce: [javazm32.exe] C:\WINDOWS\system32\javazm32.exe
    O4 - HKLM\..\RunOnce: [appml32.exe] C:\WINDOWS\system32\appml32.exe
    O4 - HKLM\..\RunOnce: [sdkfl.exe] C:\WINDOWS\sdkfl.exe
    O4 - HKLM\..\RunOnce: [ieey32.exe] C:\WINDOWS\ieey32.exe
    O4 - HKLM\..\RunOnce: [ievl.exe] C:\WINDOWS\ievl.exe
    O4 - HKLM\..\RunOnce: [apira32.exe] C:\WINDOWS\apira32.exe
    O4 - HKLM\..\RunOnce: [apifr32.exe] C:\WINDOWS\apifr32.exe
    O4 - HKLM\..\RunOnce: [atlwf.exe] C:\WINDOWS\atlwf.exe
    O4 - HKLM\..\RunOnce: [netjj32.exe] C:\WINDOWS\netjj32.exe
    O4 - HKLM\..\RunOnce: [netxo32.exe] C:\WINDOWS\system32\netxo32.exe
    O4 - HKLM\..\RunOnce: [apitd.exe] C:\WINDOWS\system32\apitd.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.energyfactor.com
    O15 - Trusted Zone: *.hardcorefantasyland.com
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/US732_150.exe
    O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/es/activex_300_es.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • SpywareShooter 127.0.0.1
    edited July 2005
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\usyqy.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\usyqy.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dnzxe.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\usyqy.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\usyqy.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dnzxe.dll/sp.html#14044
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [vv266dge] C:\WINDOWS\system32\vv266dge.exe
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [apizv.exe] C:\WINDOWS\system32\apizv.exe
    O4 - HKLM\..\RunOnce: [javaub.exe] C:\WINDOWS\javaub.exe
    O4 - HKLM\..\RunOnce: [sysbm.exe] C:\WINDOWS\sysbm.exe
    O4 - HKLM\..\RunOnce: [sdkzc32.exe] C:\WINDOWS\sdkzc32.exe
    O4 - HKLM\..\RunOnce: [sdkws32.exe] C:\WINDOWS\system32\sdkws32.exe
    O4 - HKLM\..\RunOnce: [addig32.exe] C:\WINDOWS\addig32.exe
    O4 - HKLM\..\RunOnce: [ipep.exe] C:\WINDOWS\system32\ipep.exe
    O4 - HKLM\..\RunOnce: [mfcqr32.exe] C:\WINDOWS\system32\mfcqr32.exe
    O4 - HKLM\..\RunOnce: [javazm32.exe] C:\WINDOWS\system32\javazm32.exe
    O4 - HKLM\..\RunOnce: [appml32.exe] C:\WINDOWS\system32\appml32.exe
    O4 - HKLM\..\RunOnce: [sdkfl.exe] C:\WINDOWS\sdkfl.exe
    O4 - HKLM\..\RunOnce: [ieey32.exe] C:\WINDOWS\ieey32.exe
    O4 - HKLM\..\RunOnce: [ievl.exe] C:\WINDOWS\ievl.exe
    O4 - HKLM\..\RunOnce: [apira32.exe] C:\WINDOWS\apira32.exe
    O4 - HKLM\..\RunOnce: [apifr32.exe] C:\WINDOWS\apifr32.exe
    O4 - HKLM\..\RunOnce: [atlwf.exe] C:\WINDOWS\atlwf.exe
    O4 - HKLM\..\RunOnce: [netjj32.exe] C:\WINDOWS\netjj32.exe
    O4 - HKLM\..\RunOnce: [netxo32.exe] C:\WINDOWS\system32\netxo32.exe
    O4 - HKLM\..\RunOnce: [apitd.exe] C:\WINDOWS\system32\apitd.exe
    O15 - Trusted Zone: *.energyfactor.com
    O15 - Trusted Zone: *.hardcorefantasyland.com
    O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/US732_150.exe
    O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/di...ivex_300_es.exe

    Fix those entries then find and delete the following files:
    C:\WINDOWS\dnzxe.dll
    C:\WINDOWS\usyqy.dll
    C:\WINDOWS\system32\vv266dge.exe
    C:\WINDOWS\system32\apizv.exe
    C:\WINDOWS\javaub.exe
    C:\WINDOWS\sysbm.exe
    C:\WINDOWS\sdkzc32.exe
    C:\WINDOWS\system32\sdkws32.exe
    C:\WINDOWS\addig32.exe
    C:\WINDOWS\system32\ipep.exe
    C:\WINDOWS\system32\mfcqr32.exe
    C:\WINDOWS\system32\javazm32.exe
    C:\WINDOWS\system32\appml32.exe
    C:\WINDOWS\sdkfl.exe
    C:\WINDOWS\ieey32.exe
    C:\WINDOWS\ievl.exe
    C:\WINDOWS\apira32.exe
    C:\WINDOWS\apifr32.exe
    C:\WINDOWS\atlwf.exe
    C:\WINDOWS\netjj32.exe
    C:\WINDOWS\system32\netxo32.exe
    C:\WINDOWS\system32\apitd.exe

    Then reboot your computer and post a new log.
  • edited July 2005
    Ok that is done and here is the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:00:57 PM, on 7/13/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\atlpo.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\SurfAccuracy\SAcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Xfire\Xfire.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Class - {B85144EE-6B1E-BDAB-F01C-4A7E2CE7AA46} - C:\WINDOWS\system32\javawh32.dll
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [atlpo.exe] C:\WINDOWS\atlpo.exe
    O4 - HKLM\..\RunOnce: [crwz.exe] C:\WINDOWS\system32\crwz.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crwz.exe" /s (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • SpywareShooter 127.0.0.1
    edited July 2005
    Looking a lot better :)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lfrwf.dll/sp.html#14044
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {B85144EE-6B1E-BDAB-F01C-4A7E2CE7AA46} - C:\WINDOWS\system32\javawh32.dll
    O4 - HKLM\..\Run: [atlpo.exe] C:\WINDOWS\atlpo.exe
    O4 - HKLM\..\RunOnce: [crwz.exe] C:\WINDOWS\system32\crwz.exe
    O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crwz.exe" /s (file missing)

    Fix those entries then find and delete the following files:
    C:\WINDOWS\system32\lfrwf.dll
    C:\WINDOWS\system32\javawh32.dll
    C:\WINDOWS\atlpo.exe
    C:\WINDOWS\system32\crwz.exe

    Then reboot your computer and post a new log.
  • edited July 2005
    K, got that all done. Here's the new log.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:59:47 PM, on 7/13/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\mfcgg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\SurfAccuracy\SAcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Class - {D3176F21-DA2F-61E8-97B6-26C992DA4F51} - C:\WINDOWS\system32\mfcgg.dll
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\RunOnce: [sysrr32.exe] C:\WINDOWS\sysrr32.exe
    O4 - HKLM\..\RunOnce: [msbv32.exe] C:\WINDOWS\msbv32.exe
    O4 - HKLM\..\RunOnce: [ipop.exe] C:\WINDOWS\ipop.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysrr32.exe" /s (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • SpywareShooter 127.0.0.1
    edited July 2005
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {D3176F21-DA2F-61E8-97B6-26C992DA4F51} - C:\WINDOWS\system32\mfcgg.dll
    O4 - HKLM\..\RunOnce: [sysrr32.exe] C:\WINDOWS\sysrr32.exe
    O4 - HKLM\..\RunOnce: [msbv32.exe] C:\WINDOWS\msbv32.exe
    O4 - HKLM\..\RunOnce: [ipop.exe] C:\WINDOWS\ipop.exe
    O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysrr32.exe" /s (file missing)

    Fix those entries then find and delete the following files:
    C:\WINDOWS\system32\mfcgg.dll
    C:\WINDOWS\sysrr32.exe
    C:\WINDOWS\msbv32.exe
    C:\WINDOWS\ipop.exe

    Then reboot your computer and post a new log.
  • edited July 2005
    Ok, coming along nicely now. :) Lot less hijacked homepage now and pop-ups are disappearing. I ran CW Shredder for giggles; it removed 3 homepage hijacks or something like that. Here is my new Hijack This Log. Also, some of the files you said to fix in the last post weren't present in the listing. And one file wasn't present to manually delete.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:23:34 PM, on 7/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Class - {D3176F21-DA2F-61E8-97B6-26C992DA4F51} - C:\WINDOWS\system32\mfcgg.dll (file missing)
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [mfcgg.exe] C:\WINDOWS\system32\mfcgg.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • SpywareShooter 127.0.0.1
    edited July 2005
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\keuvu.dll/sp.html#14044
    O2 - BHO: Class - {D3176F21-DA2F-61E8-97B6-26C992DA4F51} - C:\WINDOWS\system32\mfcgg.dll (file missing)
    O4 - HKLM\..\Run: [mfcgg.exe] C:\WINDOWS\system32\mfcgg.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Fix those entries then find and delete the following files:
    C:\WINDOWS\keuvu.dll
    C:\WINDOWS\system32\mfcgg.dll

    Then reboot your computer and post a new log.
  • edited July 2005
    Aight, Coolweb is on my pc somewhere and slipping by CW Shredder, and Ad-Aware doesn't delete it, but I've noticed the number of files CW is decreasing. Also, when doing all of these fixes through Hijack This and deleting, I've been doing them in safe mode. Here is the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:49:12 PM, on 7/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Class - {D3176F21-DA2F-61E8-97B6-26C992DA4F51} - C:\WINDOWS\system32\mfcgg.dll (file missing)
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • SpywareShooter 127.0.0.1
    edited July 2005
    O2 - BHO: Class - {D3176F21-DA2F-61E8-97B6-26C992DA4F51} - C:\WINDOWS\system32\mfcgg.dll (file missing)

    Fix that entry then reboot and post a new log.
  • edited July 2005
    Done with that. Here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:19:55 PM, on 7/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • SpywareShooter 127.0.0.1
    edited July 2005
    Run a free Panda scan. There may be some files that it cannot remove. Post the log here.
    www.pandasoftware.com/activescan/
  • edited July 2005
    Gotcha, running the scan now. I will post as soon as it finishes.
  • edited July 2005
    Adware:Adware/MyWay No disinfected Windows Registry
    Adware:Adware/nCase No disinfected C:\Temp\salm_*.dat
    Adware:Adware/SAHAgent No disinfected C:\DOCUME~1\TOMMYV~1\LOCALS~1\Temp\isearchtech100?.sah
    Adware:Adware/SearchAid No disinfected Windows Registry
    Adware:Adware/NavHelper No disinfected C:\WINDOWS\remover.dll
    Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Tommy Vucic\Application Data\sskknwrd.dll
    Adware:Adware/Antivirus-gold No disinfected C:\Documents and Settings\Tommy Vucic\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusGold 2.0.lnk
    Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Tommy Vucic\Application Data\Sskcwrd.dll
    Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Tommy Vucic\Application Data\Sskknwrd.dll
    Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Tommy Vucic\Application Data\Sskuknwrd.dll
    Spyware:Spyware/Smitfraud No disinfected C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\AGLanguage.ini
    Adware:Adware/Antivirus-gold No disinfected C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\geog.exe
    Adware:Adware/Antivirus-gold No disinfected C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\hacf.exe
    Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\ICD1.tmp\inst2.inf
    Adware:Adware/Antivirus-gold No disinfected C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\kdah.exe
    Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\updater.exe
    Possible Virus. No disinfected C:\Program Files\SurfAccuracy\SAccU.exe
    Adware:Adware/NavHelper No disinfected C:\Program Files\WAV to MP3 Encoder\DEFNTB.exe
    Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\WAV to MP3 Encoder\Ssk_b5 m310.exe
    Adware:Adware/SaveNow No disinfected C:\Program Files\WAV to MP3 Encoder\VVSN_MTHR0504Inst.exe
    Adware:Adware/nCase No disinfected C:\temp\salmau.dat
    Adware:Adware/nCase No disinfected C:\temp\salm_gdf.dat
    Adware:Adware/nCase No disinfected C:\temp\salm_kyf.dat
    Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\DeskAdX.dll
    Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\WinAdServX.dll
    Adware:Adware/NavHelper No disinfected C:\WINDOWS\remover.dll
  • SpywareShooter 127.0.0.1
    edited July 2005
    Boot into Safe Mode (press F8 at the BIOS screen when booting) and delete the following files:

    C:\Temp\salm_*.dat
    C:\DOCUME~1\TOMMYV~1\LOCALS~1\Temp\isearchtech100?.sah
    C:\WINDOWS\remover.dll
    C:\Documents and Settings\Tommy Vucic\Application Data\sskknwrd.dll
    C:\Documents and Settings\Tommy Vucic\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusGold 2.0.lnk
    C:\Documents and Settings\Tommy Vucic\Application Data\Sskcwrd.dll
    C:\Documents and Settings\Tommy Vucic\Application Data\Sskknwrd.dll
    C:\Documents and Settings\Tommy Vucic\Application Data\Sskuknwrd.dll
    C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\AGLanguage.ini
    C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\geog.exe
    C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\hacf.exe
    C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\ICD1.tmp\inst2.inf
    C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\kdah.exe
    C:\Documents and Settings\Tommy Vucic\Local Settings\Temp\updater.exe
    C:\Program Files\SurfAccuracy\SAccU.exe
    C:\Program Files\WAV to MP3 Encoder\Ssk_b5 m310.exe
    C:\temp\salmau.dat
    C:\temp\salm_gdf.dat
    C:\temp\salm_kyf.dat
    C:\WINDOWS\Downloaded Program Files\DeskAdX.dll
    C:\WINDOWS\Downloaded Program Files\WinAdServX.dll

    Then boot back into Normal Mode, run another Panda scan, and post the log.
  • edited July 2005
    Ok, here are the new results:


    Adware:adware/myway No disinfected HKEY_CLASSES_ROOT\MYSEARCHTOOLBAR.TOOLBARPLUGIN
    Adware:adware/searchaid No disinfected HKEY_CLASSES_ROOT\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}
    Adware:Adware/NavHelper No disinfected C:\Program Files\WAV to MP3 Encoder\DEFNTB.exe
    Adware:Adware/SaveNow No disinfected C:\Program Files\WAV to MP3 Encoder\VVSN_MTHR0504Inst.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\addex32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\addlp32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\addoa.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\addwg.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apifa.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apifq.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apizk32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\appcu.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\appln.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\appnf.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apppp.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apprv32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\atlaj32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\atlpf.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\atlrn32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\crar32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\criw.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\crjf32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3dw32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3md32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3qe.exe
    Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\DeskAdX.dll
    Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\WinAdServX.dll
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\iemi32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ieqe.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipgu.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\iphh32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipnd.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ippf.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\mscf.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\mscg.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\msdq32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\mssb.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\msta32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\msuq32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\mswf.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\netke.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\netxq32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ntcr32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ntfc.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ntoe32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\nttd32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ntyl.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\syscl32.exe
    Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\syspi32.exe
  • edited July 2005
    I also ran Avast at boot up and came up with this.

    07/15/2005 19:28
    Scan of all local drives
    File C:\System Volume Information\_restore{07785F98-E5B8-471A-9805-C82BD00A5B16}\RP270\A0067379.exe is infected by Win32:Adan-003 [Adw] - Deleted
    File C:\System Volume Information\_restore{07785F98-E5B8-471A-9805-C82BD00A5B16}\RP271\A0067609.exe is infected by Win32:Trojano-1152 [Trj] - Deleted
    File C:\System Volume Information\_restore{07785F98-E5B8-471A-9805-C82BD00A5B16}\RP271\A0067628.dll is infected by Win32:Kuang2 - Deleted
    File C:\WINDOWS\Downloaded Program Files\DeskAdX.dll is infected by Win32:Trojan-gen. {Other} - Deleted
    File C:\WINDOWS\LastGood.Tmp\system32\ActiveScan\imscan.dll is infected by Win32:Kuang2 - Deleted
    File C:\WINDOWS\system32\ActiveScan\pskavs.dll is infected by Win32:CTX - Deleted

    Number of searched folders: 3364
    Number of tested files: 73719
    Number of infected files: 6
  • SpywareShooter 127.0.0.1
    edited July 2005
    Please post a new HijackThis log. By the looks of your Panda log it appears you have a new Trojan.
  • edited July 2005
    K here is a new Hijack This Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:41:40 PM, on 7/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\SurfAccuracy\SAcc.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
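An added example, not part of the original thread and not HijackThis's own code: a minimal parser for the log format posted above that groups entries by section code, flags the O10 LSP line, and cross-checks every "(file missing)" entry against the Running processes list. The sample lines are copied (abridged) from the log above; the function names `parse_hjt` and `triage` are hypothetical.

```python
import re

# Sample lines copied (abridged) from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O23 - Service: ..."
EXE_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)

def parse_hjt(text):
    """Return (running, entries): lowercased process paths and (code, body) pairs."""
    running, entries, in_procs = set(), [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False            # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = ENTRY.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return running, entries

def triage(text):
    """Return (kind, detail) pairs for entries worth a second look."""
    running, entries = parse_hjt(text)
    findings = []
    for code, body in entries:
        if code == "O10":
            findings.append(("broken-lsp", body))
        elif body.endswith("(file missing)"):
            m = EXE_PATH.search(body)
            path = m.group(0).lower() if m else None
            # A binary listed under "Running processes" cannot be absent from
            # disk, so the flag contradicts the log's own process list.
            kind = "missing-but-running" if path in running else "missing"
            findings.append((kind, path))
    return findings
```
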
  • edited July 2005
    Also a scan with Ad-Aware came up with this:

    CoolWebSearch- RegKey- HKEY_Local_Machine: software\microsoft\internet explorer\urlsearchhooks\

    CoolWebSearch- RegKey- HKEY_Local_Machine: software\microsoft\downloadmanager\

    CoolWebSearch- RegValue- HKEY_Local_Machine: software\microsoft "set"

    CoolWebSearch- RegValue- HKEY_Local_Machine: software\microsoft\internet explorer\main "Use Search Asst"

    CoolWebSearch- RegData- HKEY_Current_User: software\microsoft\internet explorer\main "Use Search Asst" (no)

    CoolWebSearch- RegData- HKEY_Local_Machine: software\microsoft\internet explorer\main "Use Search Asst" (no)

    CoolWebSearch- RegData- HKEY_Local_Machine: software\microsoft\internet explorer\main"Start Page" (about blank)

    CoolWebSearch- File- C:\Windows\system32\wbem\logs\wbemess.log

    CoolWebSearch- Regkey- HKEY_CLASSES_ROOT:clsid\(676575dd-4d46-911d-8037-9b10d6ee8bb5)\

    Surfaccuracy- File- C:\System Volume Information\_restore(07785F98-E5B8-471A-C82BD00A5B16)\RP269\A0066213.exe

    Surfaccuracy- File- C:\System Volume Information\_restore(07785F98-E5B8-471A-C82BD00A5B16)\RP271\A0067608.exe
  • SpywareShooter 127.0.0.1
    edited July 2005
    I just realized that Panda removed the infected files. Can you please scan with it again and post the log? Your HJT log is clean.
  • edited July 2005
    Here is the new log from Active Scan:

    Adware:adware/myway No disinfected HKEY_CLASSES_ROOT\MYSEARCHTOOLBAR.TOOLBARPLUGIN
    Adware:adware/searchaid No disinfected HKEY_CLASSES_ROOT\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5}
  • SpywareShooter 127.0.0.1
    edited July 2005
    I wouldn't worry about those two entries. Since Panda can't remove them, and they are located in the Registry, I would not recommend manual removal of them. If you are editing the registry and do not know what you're doing, you could render parts of your system unusable.

    As precautionary measures for the future, please follow these steps to ensure that your computer stays clean and secure:
    1. Always have AntiVirus software running - Having an AntiVirus is very important and can protect you in the future from all kinds of viruses, spyware and other malicious software.

    2. Keep your AntiVirus program updated - Without having an updated AntiVirus program you will be susceptible to any form of new malware as it is released. If your AntiVirus software has the option of Automatic Updates you should enable it. If not, visit the producer's website at least once a week and download any updates for the product.

    3. Use a Firewall - Using a firewall is essential in the Internet today. Having one at default settings will block intruders from accessing your computer and can block new programs from installing without your consent.

    4. WindowsUpdate - Make sure that you keep your computer updated by visiting windowsupdate.com (http://www.windowsupdate.com) weekly, and downloading any critical updates. Many of these updates are against hackers and malware installations. Without all critical updates you will be susceptible to many of the spyware creators' tricks to get you to install their software. Download and install all critical updates and reboot your computer. Continue this until all critical updates have been installed.

    5. Anti-Spyware Software - Spybot - Search & Destroy and Ad-Aware SE

      Both of these programs are free and recommended by many anti-spyware professionals. You should download them from the links below, keep them updated, and scan weekly.

      Spybot - Search & Destroy
      Ad-Aware SE Personal Edition 1.06

    6. Secure Internet Explorer - Spyware Shooter is a free program which I developed for the cause of blocking malicious websites from installing spyware onto your computer. Please check for updates weekly and download any new releases to make sure that you are safe against newly-discovered websites.

      Spyware Shooter home page



    How to say "thanks":
    1. Donations are not accepted - At Short-Media we do not accept donations. If you have found this website helpful, you can contribute in the following ways.
    2. Stick Around - Without users like you, Short-Media would not be as successful as it is today. One way you can thank us is to stick around the forums. Even if you are not a computer professional you can learn by reading past topics in the forums, or if you do not feel comfortable helping, there are a few forums for non-computer-related topics.
    3. Refer Friends - If you know anyone who is having problems with their computers, or just needs a place to chill online, they would make a great addition to the Short-Media community.
    4. Fold! - Folding is a safe and easy way to help find a cure for fatal diseases such as Alzheimer's. You can learn more about folding at the topic "Everything About Folding@Home" (http://www.short-media.com/forum/showthread.php?t=3)
  • edited July 2005
    Thanks a lot Shooter! Definitely I will be around here. Maybe help someone with the same problem. :thumbsup:
This discussion has been closed.