Hi-jack this log, please help

[hazzarduk1]

Logfile of HijackThis v1.97.7
Scan saved at 19:41:22, on 21/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\tjqprjod.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\wjview.exe
C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe
C:\fishsim2\fishsim2.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\windows\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ntl:home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.ntlhome.com/
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {F2693DAB-215A-4300-9E72-1DE477D2AAA7} - C:\WINDOWS\djso.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [zwybinf] C:\WINDOWS\tjqprjod.exe
O4 - HKLM\..\Run: [hsp] C:\WINDOWS\hsp.exe
O4 - HKLM\..\Run: [tgz] C:\WINDOWS\tgz.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKLM\..\RunOnce: [MorpheusNotice] C:\Program Files\StreamCast\Morpheus\HowToEnableDeskBand.txt
O4 - HKLM\..\RunOnce: [My Search Bar Installer] "C:\Program Files\MyWay\myBar\MYSETP.EXE" /r
O4 - HKLM\..\RunOnce: [My Search - Search Assistant Installer] "C:\Program Files\MyWay\SrchAstt\MYSRCHSP.EXE" /r
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B08435-CABB-4723-BF91-1A7034B5D115}: NameServer = 194.168.4.100 194.168.8.100

 

[tnik]

what seems to be the problem? It looks like you might have a virus, these four entries look suspicious..
O2 - BHO: (no name) - {F2693DAB-215A-4300-9E72-1DE477D2AAA7} - C:\WINDOWS\djso.dll

O4 - HKLM\..\Run: [zwybinf] C:\WINDOWS\tjqprjod.exe
O4 - HKLM\..\Run: [hsp] C:\WINDOWS\hsp.exe
O4 - HKLM\..\Run: [tgz] C:\WINDOWS\tgz.exe

my advice would be to reboot your computer in safemode w/ networking and goto an online virus scan like http://housecall.trendmicro.com

 

[hazzarduk1]

im not sure jus alot of things been acting strangely... earlier i got 109 results in ad-aware, ran spybot S-D got another 4.

main problem is if i spell website wrong it goes to lycos search auto maticly.. sometimes it just changed to lycos search by iteself

 

[Couriant]

Run HJT and check these for fixin'
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\RunOnce: [MorpheusNotice] C:\Program Files\StreamCast\Morpheus\HowToEnableDeskBand.txt
O4 - HKLM\..\RunOnce: [My Search Bar Installer] "C:\Program Files\MyWay\myBar\MYSETP.EXE" /r
O4 - HKLM\..\RunOnce: [My Search - Search Assistant Installer] "C:\Program Files\MyWay\SrchAstt\MYSRCHSP.EXE" /r

You will need to run CWShredder too to get rid of the CoolWebSearch variants.

 

[Couriant]

Make sure you reboot into safe mode and delete the .EXE files.

In fact for the Ebates one simply delete the Ebates folder