0

this aint my comp its my cousins!!!
HELP THE SUCKER!

Logfile of HijackThis v1.99.1
Scan saved at 12:54:15 PM, on 3/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\program files\180search\saap.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\beefcake\Desktop\My downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.233.167.104 www.symantec.com
O1 - Hosts: 64.233.167.104 www.sophos.com
O1 - Hosts: 64.233.167.104 www.mcafee.com
O1 - Hosts: 64.233.167.104 www.viruslist.com
O1 - Hosts: 64.233.167.104 www.f-secure.com
O1 - Hosts: 64.233.167.104 www.avp.com
O1 - Hosts: 64.233.167.104 www.kaspersky.com
O1 - Hosts: 64.233.167.104 www.networkassociates.com
O1 - Hosts: 64.233.167.104 www.ca.com
O1 - Hosts: 64.233.167.104 www.my-etrust.com
O1 - Hosts: 64.233.167.104 www.nai.com
O1 - Hosts: 64.233.167.104 www.trendmicro.com
O1 - Hosts: 64.233.167.104 www.grisoft.com
O1 - Hosts: 64.233.167.104 securityresponse.symantec.com
O1 - Hosts: 64.233.167.104 symantec.com
O1 - Hosts: 64.233.167.104 sophos.com
O1 - Hosts: 64.233.167.104 mcafee.com
O1 - Hosts: 64.233.167.104 liveupdate.symantecliveupdate.com
O1 - Hosts: 64.233.167.104 viruslist.com
O1 - Hosts: 64.233.167.104 f-secure.com
O1 - Hosts: 64.233.167.104 kaspersky.com
O1 - Hosts: 64.233.167.104 kaspersky-labs.com
O1 - Hosts: 64.233.167.104 avp.com
O1 - Hosts: 64.233.167.104 networkassociates.com
O1 - Hosts: 64.233.167.104 ca.com
O1 - Hosts: 64.233.167.104 mast.mcafee.com
O1 - Hosts: 64.233.167.104 my-etrust.com
O1 - Hosts: 64.233.167.104 download.mcafee.com
O1 - Hosts: 64.233.167.104 dispatch.mcafee.com
O1 - Hosts: 64.233.167.104 secure.nai.com
O1 - Hosts: 64.233.167.104 nai.com
O1 - Hosts: 64.233.167.104 update.symantec.com
O1 - Hosts: 64.233.167.104 updates.symantec.com
O1 - Hosts: 64.233.167.104 us.mcafee.com
O1 - Hosts: 64.233.167.104 liveupdate.symantec.com
O1 - Hosts: 64.233.167.104 customer.symantec.com
O1 - Hosts: 64.233.167.104 rads.mcafee.com
O1 - Hosts: 64.233.167.104 trendmicro.com
O1 - Hosts: 64.233.167.104 grisoft.com
O1 - Hosts: 64.233.167.104 sandbox.norman.no
O1 - Hosts: 64.233.167.104 www.pandasoftware.com
O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [saap] c:\program files\180search\saap.exe
O4 - HKLM\..\Run: [zexuf] C:\WINDOWS\zexuf.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\ynbcccccebebebicimhminres.dll,_mainRD
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029XXUS_ZRxdm075XXAU
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: bw+0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2531247C-EE84-48DA-90D9-0CE06088285F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

btw crunchie
Carlton has defeated the West Coast Eagles in the grand final of the Wizard Home Loans Cup, capping off a flawless pre-season with a 27-point win.
[img]http://ninemsn.sportal.com.au/_content/s.gif[/img]:P:P:P:P

2
Contributors
4
Replies
5
Views
12 Years
Discussion Span
Last Post by crunchie
0

BTW. That's not the ideal way to elicit my (and maybe others) help either :D.

im askin 4 ur help and i called my couz the suker

0

Looked more like a demand to me :). Anyway's........

Go to Add/Remove programs and remove(uninstall) the following, if present:

MyWebSearch

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

-------

Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u MWSSRCAS.DLLregsvr32 /u MWSBAR.DLL

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.

-------

Run HiJackThis then:

  1. Click "Config..."
  2. Click "Misc Tools"
  3. Click "Open Process manager"

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exeC:\program files\180search\saap.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

Run HiJackThis and click "Scan", then check(tick) the following, if present:

 O1 - Hosts: 64.233.167.104 www.symantec.com  O1 - Hosts: 64.233.167.104 www.sophos.com  O1 - Hosts: 64.233.167.104 www.mcafee.com  O1 - Hosts: 64.233.167.104 www.viruslist.com  O1 - Hosts: 64.233.167.104 www.f-secure.com  O1 - Hosts: 64.233.167.104 www.avp.com  O1 - Hosts: 64.233.167.104 www.kaspersky.com  O1 - Hosts: 64.233.167.104 www.networkassociates.com  O1 - Hosts: 64.233.167.104 www.ca.com  O1 - Hosts: 64.233.167.104 www.my-etrust.com  O1 - Hosts: 64.233.167.104 www.nai.com  O1 - Hosts: 64.233.167.104 www.trendmicro.com  O1 - Hosts: 64.233.167.104 www.grisoft.com  O1 - Hosts: 64.233.167.104 securityresponse.symantec.com  O1 - Hosts: 64.233.167.104 symantec.com  O1 - Hosts: 64.233.167.104 sophos.com  O1 - Hosts: 64.233.167.104 mcafee.com  O1 - Hosts: 64.233.167.104 liveupdate.symantecliveupdate.com  O1 - Hosts: 64.233.167.104 viruslist.com  O1 - Hosts: 64.233.167.104 f-secure.com  O1 - Hosts: 64.233.167.104 kaspersky.com  O1 - Hosts: 64.233.167.104 kaspersky-labs.com  O1 - Hosts: 64.233.167.104 avp.com  O1 - Hosts: 64.233.167.104 networkassociates.com  O1 - Hosts: 64.233.167.104 ca.com  O1 - Hosts: 64.233.167.104 mast.mcafee.com  O1 - Hosts: 64.233.167.104 my-etrust.com  O1 - Hosts: 64.233.167.104 download.mcafee.com  O1 - Hosts: 64.233.167.104 dispatch.mcafee.com  O1 - Hosts: 64.233.167.104 secure.nai.com  O1 - Hosts: 64.233.167.104 nai.com  O1 - Hosts: 64.233.167.104 update.symantec.com  O1 - Hosts: 64.233.167.104 updates.symantec.com  O1 - Hosts: 64.233.167.104 us.mcafee.com  O1 - Hosts: 64.233.167.104 liveupdate.symantec.com  O1 - Hosts: 64.233.167.104 customer.symantec.com  O1 - Hosts: 64.233.167.104 rads.mcafee.com  O1 - Hosts: 64.233.167.104 trendmicro.com  O1 - Hosts: 64.233.167.104 grisoft.com  O1 - Hosts: 64.233.167.104 sandbox.norman.no  O1 - Hosts: 64.233.167.104 www.pandasoftware.com  O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com 
...(Verify that these ip addresses are for your isp's DNS Servers, if so, don't 'fix' these.)


 O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL  O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL 


 O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL 


 O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe  O4 - HKLM\..\Run: [saap] c:\program files\180search\saap.exe  O4 - HKLM\..\Run: [zexuf] C:\WINDOWS\zexuf.exe  O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\ynbcccccebebebicimhminres.dll,_mainRD  O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe  O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe  O4 - HKLM\..\Run: [serpe] C:\WINDOWS\system32\serbw.exe  O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\system32\formatsys.exe  O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe  O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\system32\serbw.exe  O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe  O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE  O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE 


 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...US_ZRxdm075XXAU 


 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab  O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab 

Now, with all windows closed except HiJackThis, click "Fix checked".

-------

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...

C:\PROGRA~1\MYWEBS~1C:\program files\180searchC:\Program Files\MyWebSearch

files...

C:\WINDOWS\zexuf.exec:\windows\ynbcccccebebebicimhminres.dllC:\WINDOWS\system32\formatsys.exeC:\WINDOWS\msmbw.exeC:\WINDOWS\system32\serbw.exe

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

-------

Post back a new log after rebooting and let me know how everything goes.

Edited by Nick Evan: Fixed formatting

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.