#1
Hi,

I've tried everything with Ad-aware, Spybot, CWShredder but I can't fix this problem. The page of searchweb2 always appears when I start Internet Explorer, and a bar also appears that I always have to close. I think that the only way to stop this is with hijack but I don't know how to work with this program. Could you help me with this? Thanks.

This is my logfile:

Logfile of HijackThis v1.98.2
Scan saved at 21:05:27, on 18-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Bruno\Menu Iniciar\Programas\Bluetooth\USB Software\bin\btwdins.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\TGTSoft\StyleXP\StyleXP.exe
C:\Programas\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Bruno\Menu Iniciar\Programas\Bluetooth\USB Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Documents and Settings\Bruno\Menu Iniciar\Programas\Motores de Download\eMule\emule.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bruno\Os meus documentos\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bfrarlacoarorh.com/3LE5g52O6YrzeIozZpNX0O8Injrvzyo5_gTasEpVQG3mRallhp0KB0S90RDLrRKx.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: PK
O1 - Hosts: µrB1•F¢«^RsbRecovery.reg—á_lÐVÆ~¡\פÀ°íÐ/¨"ÚWb‘^[ccÔ@w¶a<>a‹½V
O1 - Hosts: «½
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F543BD1-3894-A044-2214-6EA4429681AD} - C:\DOCUME~1\Bruno\APPLIC~1\AUDIOK~1\coolbuild.exe
O2 - BHO: (no name) - {3CB5FCAD-7F7A-9AF2-3C0F-545A6CB71E5A} - C:\PROGRA~1\AUDIOK~1\coolbuild.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Bruno\MENUIN~1\PROGRA~1\ANTIPO~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {676E8CDF-4BC4-512E-CC52-9360D7A38664} - C:\PROGRA~1\AUDIOK~1\coolbuild.exe (file missing)
O2 - BHO: (no name) - {6776090B-E2A4-9EAA-6A36-4FBCA8628696} - C:\PROGRA~1\AUDIOK~1\Gpl draw.exe (file missing)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programas\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: (no name) - {EDD56E47-2A17-BE8F-299B-BEFFB815F9D6} - C:\PROGRA~1\AUDIOK~1\Gpl draw.exe (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O2 - BHO: (no name) - {FCA33877-40CA-B255-E53D-3710D9C832C4} - C:\PROGRA~1\AUDIOK~1\coolbuild.exe (file missing)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [plan plus multi junk] C:\Documents and Settings\All Users\Application Data\Info Pile Plan Plus\Bird Load.exe
O4 - HKLM\..\Run: [Info creative name plan] C:\Documents and Settings\All Users\Application Data\Stupidmessinfocreative\Onlinesize.exe
O4 - HKLM\..\Run: [Dartcreativeholefile] C:\Documents and Settings\All Users\Application Data\infodefydartcreative\Eq face.exe
O4 - HKLM\..\Run: [mediaarmyinternetreadme] C:\Documents and Settings\All Users\Application Data\partsurfmediaarmy\About Blue.exe
O4 - HKLM\..\Run: [byte grid up sixth] C:\Documents and Settings\All Users\Application Data\ItchPartByteGrid\closeford.exe
O4 - HKLM\..\Run: [PelSetupRun] E:\setup.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programas\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Warn Bias] C:\DOCUME~1\Bruno\APPLIC~1\LOGOOP~1\16 mp3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Documents and Settings\Bruno\Menu Iniciar\Programas\Bluetooth\USB Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Documents and Settings\Bruno\Menu Iniciar\Programas\Bluetooth\USB Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Documents and Settings\Bruno\Menu Iniciar\Programas\Bluetooth\USB Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1F48DF8-8035-44D7-84C7-52779FAAD60C}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9312F60-630A-4B49-B492-ED46A5CB9C32}: NameServer = 194.65.100.117
#2
Thread moved from lounge.
#3
Hi DreadFly,

You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis. Logoff your internet connection.

Run HijackThis, click scan, place a checkmark next to the following items. Close all browsers and any other windows or the fix may not work! Click "fix checked". It is OK if some of these items are no longer listed.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bfrarlacoarorh.com/3LE5g52O6YrzeIozZpNX0O8Injrvzyo5_gTasEpVQG3mRallhp0KB0S90RDLrRKx.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: PK
O1 - Hosts: µrB1•F¢«^RsbRecovery.reg—á_lÐVÆ~¡\פÀ°íÐ/¨"ÚWb‘^[ccÔ@w¶a<>a‹½V
O1 - Hosts: «½
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [plan plus multi junk] C:\Documents and Settings\All Users\Application Data\Info Pile Plan Plus\Bird Load.exe
O4 - HKLM\..\Run: [Info creative name plan] C:\Documents and Settings\All Users\Application Data\Stupidmessinfocreative\Onlinesize.exe
O4 - HKLM\..\Run: [Dartcreativeholefile] C:\Documents and Settings\All Users\Application Data\infodefydartcreative\Eq face.exe
O4 - HKLM\..\Run: [mediaarmyinternetreadme] C:\Documents and Settings\All Users\Application Data\partsurfmediaarmy\About Blue.exe
O4 - HKLM\..\Run: [byte grid up sixth] C:\Documents and Settings\All Users\Application Data\ItchPartByteGrid\closeford.exe
O4 - HKCU\..\Run: [Warn Bias] C:\DOCUME~1\Bruno\APPLIC~1\LOGOOP~1\16 mp3.exe

Any idea what AUDIOK..... is?

O2 - BHO: (no name) - {1F543BD1-3894-A044-2214-6EA4429681AD} - C:\DOCUME~1\Bruno\APPLIC~1\AUDIOK~1\coolbuild.exe
O2 - BHO: (no name) - {3CB5FCAD-7F7A-9AF2-3C0F-545A6CB71E5A} - C:\PROGRA~1\AUDIOK~1\coolbuild.exe (file missing)
O2 - BHO: (no name) - {676E8CDF-4BC4-512E-CC52-9360D7A38664} - C:\PROGRA~1\AUDIOK~1\coolbuild.exe (file missing)
O2 - BHO: (no name) - {6776090B-E2A4-9EAA-6A36-4FBCA8628696} - C:\PROGRA~1\AUDIOK~1\Gpl draw.exe (file missing)
O2 - BHO: (no name) - {EDD56E47-2A17-BE8F-299B-BEFFB815F9D6} - C:\PROGRA~1\AUDIOK~1\Gpl draw.exe (file missing)
O2 - BHO: (no name) - {FCA33877-40CA-B255-E53D-3710D9C832C4} - C:\PROGRA~1\AUDIOK~1\coolbuild.exe (file missing)

Any idea what these are?

O4 - HKLM\..\Run: [PelSetupRun] E:\setup.exe
O4 - Global Startup: BTTray.lnk = ?

These are resource hogs that can be safely removed:

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

Next....

Boot into Safe Mode. Reboot your computer, start tapping F8 when it first starts booting, select Safe Mode.

Make sure your computer is configured to show all files and folders.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden Files and Folders heading select Show Hidden Files and Folders.
Uncheck the Hide Protected Operating System Files (recommended) option.
Click Yes to confirm.
Click OK.

Delete the following files:

C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\System32\mscb.dll
C:\WINDOWS\System32\msbe.dll

Delete the following folders:

C:\Documents and Settings\All Users\Application Data\Info Pile Plan Plus\
C:\Documents and Settings\All Users\Application Data\Stupidmessinfocreative\
C:\Documents and Settings\All Users\Application Data\infodefydartcreative\
C:\Documents and Settings\All Users\Application Data\partsurfmediaarmy\
C:\Documents and Settings\All Users\Application Data\ItchPartByteGrid\
C:\DOCUME~1\Bruno\APPLIC~1\LOGOOP~1\

Next....

Open My Computer, browse to C:\documents and settings\User Name(repeat for all users)\local settings\temp folder and delete all files and folders in it.
Open My Computer, browse to C:\Windows\Temp folder and delete all files and folders in it.
Open Internet Explorer click Tools > Internet Options > General. Check "delete all offline content", click "Delete Files" then Click OK.
Empty your Recycle Bin.

Reboot normally and post a fresh HijackThis log.

Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan
Please read the stickies at the top of the forum before posting!
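
A rough triage pass over HijackThis entries of the kind walked through in this thread, as an added example that is not part of the original posts or of HijackThis itself. The three heuristics (Hosts lines that are not "IP hostname", BHOs that point at an .exe or a missing file, Run entries launching from a user-data folder) are assumptions chosen here; a hit means "look closer", not "malicious".

```python
import re

# Sample input: seven entries copied from the log in post #1.
SAMPLE_LOG = r"""
O1 - Hosts: PK
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F543BD1-3894-A044-2214-6EA4429681AD} - C:\DOCUME~1\Bruno\APPLIC~1\AUDIOK~1\coolbuild.exe
O2 - BHO: (no name) - {3CB5FCAD-7F7A-9AF2-3C0F-545A6CB71E5A} - C:\PROGRA~1\AUDIOK~1\coolbuild.exe (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [byte grid up sixth] C:\Documents and Settings\All Users\Application Data\ItchPartByteGrid\closeford.exe
O4 - HKCU\..\Run: [Warn Bias] C:\DOCUME~1\Bruno\APPLIC~1\LOGOOP~1\16 mp3.exe
"""

# "R0 - ...", "O4 - ...", "O17 - ..." and so on; headers and process paths do not match.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A well-formed hosts mapping as HijackThis prints it: dotted IPv4, whitespace, name.
HOSTS_OK = re.compile(r"^(\d{1,3}\.){3}\d{1,3}\s+\S+$")
# Long or 8.3 short form of the per-user / all-users Application Data folder.
USER_DATA = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.I)


def triage(log_text):
    """Return (code, reason, entry) tuples for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, running-process path or blank line
        code, body = m.group("code"), m.group("body")
        if code == "O1" and body.startswith("Hosts:"):
            if not HOSTS_OK.match(body[len("Hosts:"):].strip()):
                findings.append((code, "hosts line is not 'IP hostname'", body))
        elif code == "O2":
            if body.endswith("(file missing)"):
                findings.append((code, "BHO registered but file is missing", body))
            elif re.search(r"\.exe$", body, re.I):
                # BHOs load in-process, so a registered module is normally a DLL.
                findings.append((code, "BHO module is an .exe, not a DLL", body))
        elif code == "O4" and USER_DATA.search(body):
            findings.append((code, "autorun launches from a user-data folder", body))
    return findings


if __name__ == "__main__":
    for code, reason, entry in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {entry}")
```
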
Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Problem with searchweb2 could anybody help me please!?