problem with the blue searchbar

Hi...

I am new here and my english isn't very well...
So I hope you can see, what i am trying to explain.
I have the same problem with the blue searchbar and I want to get rid of it soon

Here is my Hijack log file.
When I follow the instructions, the bar remains on his place

Logfile of HijackThis v1.98.2
Scan saved at 13:35:35, on 7-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Windows Programma's\Winamp\winampa.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\windows programma's\Quicktime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
D:\Windows Programma's\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeuvtwklekspgjbzdcmyqqrm.com/38SCcG4MGWm97_vU5Q0cYhRzZ5AY8gQMib_utLpePk46ZJ8ZB7c0GeRa6eYSuc8b.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.50cc.nl/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Windows Programma's\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\windows programma's\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [send manager wave clock] C:\Documents and Settings\All Users\Application Data\Settings new send manager\meow copy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Close Noun] C:\DOCUME~1\RICODE~1\APPLIC~1\WAVEFU~1\else meow.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Windows Programma's\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\WINDOW~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0909BBAB-F8D4-4F8F-9B73-93C7C185E24A}: NameServer = 194.134.5.5 194.134.0.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{0909BBAB-F8D4-4F8F-9B73-93C7C185E24A}: NameServer = 194.134.5.5 194.134.0.97


So how can I get rid of it...
If i do it like said here it doesn't work

Rico

I have changed the log file ... this is from today!

Thread split - it's better to create a new thread for a new problem, rather than replying to someone else's thread.

Hi foxbuster666,

If you are still having problems, please post a fresh HijackThis log.

Tom

Oke sorry
That was my fault
Because they said i must seperate the two subjects...
Thats why i opened a second thread.
But doesn't matter...

I can't get rid of the blue search bar, and i have tried it allready on the way you are doing it...

foxbuster666,

Please submit a fresh HijackThis log to this thread. We need to keep everything all in one thread, or things get confusing.

Tom

But can you help me with the bar?

Ok, we must have gotten our wire crossed somewhere... sorry

You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis.

If you have any questions before starting the fix, please don't hesitate to ask!

Download Ad-Aware SE Personal Edition version 1.05 from:

http://www.lavasoft.de/support/download/

Run Adaware, click the "Check for Updates now" link. Install the latest reference file

Just update it for now, you will scan with it later!

Next...

Boot into Safe Mode. Reboot your computer, start tapping F8 when it first starts booting, select Safe Mode.

You have Messenger Plus installed. It is an add-on program not written by Microsoft. It contain's the LOP infection (it's what you are infected with now) and it's best to uninstall the program. If you feel you need this program, remove it and reinstall it without installing the "Sponsor" feature.

Please go to Start > Control Panel > Add/Remove Programs > remove Plus

If you remove Messenger Plus, please remove the entries below marked in RED along with the others.

Next...

Run HijackThis, click scan, place a checkmark next to the following items. Close all browsers and any other windows or the fix may not work! Click "fix checked". It is OK if some of these items are no longer listed.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeuvtwklekspgjbzdcmyqqrm.com/38SCcG4MGWm97_vU5Q0cYhRzZ5AY8gQMib_utLpePk46ZJ8ZB7c0GeRa6eYSuc8b.htm
O4 - HKLM\..\Run: [send manager wave clock] C:\Documents and Settings\All Users\Application Data\Settings new send manager\meow copy.exe
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKCU\..\Run: [Close Noun] C:\DOCUME~1\RICODE~1\APPLIC~1\WAVEFU~1\else meow.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

These are resource hogs that can be fixed also:

O4 - HKLM\..\Run: [QuickTime Task] "D:\windows programma's\Quicktime\qttask.exe" -atboottime

Next...

Make sure your computer is configured to show all files and folders.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden Files and Folders heading select Show Hidden Files and Folders.
Uncheck hide extensions for known file types.
Uncheck the Hide Protected Operating System Files option.
Click Yes to confirm.
Click OK.

Search for and delete the following folders:

C:\Documents and Settings\All Users\Application Data\Settings new send manager < delete the entire Settings new send manager folder

C:\Program Files\Windows AdService < delete the entire Windows AdService folder

C:\DOCUMENTS AND SETTINGS\RICODE~1\APPLIC~1\WAVEFU~1\else meow.exe

C:\Program Files\Messenger Plus! 3 > delete the entire Messenger Plus! 3 folder

Next....

Go to Start > Run > type "cleanmgr" (without the quotes). > Select the drive to clean up (usually C ) > Place a checkmark next to the following:

Temporary Internet Files
Recycle Bin
Temporary Files

Then click OK.

Next...

Perform a "Full system scan" with Adaware. Allow it to remove anything it finds.

Reboot normally.

Please post a fresh HijackThis log.

Tom