#1
Annoying SearchBar has taken over my IE
Hi all, I'm trying to remove this searchweb2.com searchbar which apparently comes with Messenger Plus. I've removed Messenger Plus but still need help in removing the searchbar. Please help with the HijackThis log and advise me on how to remove it... Thanks in advance...

Logfile of HijackThis v1.98.2
Scan saved at 8:28:09 AM, on 9/30/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\Promon.exe
C:\WINDOWS\System32\Promon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\ICQPlus\vplus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\National University of Singapore\NUS-VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D631F55-0F71-38C6-4DFF-5D3E97F65163} - C:\PROGRA~1\ARMYLI~1\LoadLogo.exe
O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [abaak] regedit -s c:\windows\system\winlog\WIN32log.cer
O4 - HKLM\..\Run: [ziqlog] regedit -s c:\windows\system\winlog\WIN32log.cer
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bird free] C:\PROGRA~1\PLUSGR~1\castmeal.exe
O4 - HKLM\..\Run: [Hide drive bits grey] C:\Documents and Settings\All Users\Application Data\flap two hide drive\joyeach.exe
O4 - HKCU\..\Run: [] regedit -s c:\windows\system\winlog\WIN32log.cer
O4 - HKCU\..\Run: [ICQ Plus] "C:\Program Files\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\Program Files\Tweak-XP Pro 3\autostart.exe"
O4 - HKCU\..\Run: [VirtualDesktop] "C:\Program Files\Tweak-XP Pro 3\virtuald.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP7\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP7\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_rd18_5420 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} (FMClass Class) - http://www.myplay.com.tw/service/fmplayerKland.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm2002/oneclick/TMSetup.cab
O16 - DPF: {980105AE-6031-4855-98F0-2CBF5A76F700} (PowerFTP Control) - http://dist.cachenet.com:8080/PowerFTP.CAB
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://64.106.242.160/FileOpen.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28177.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/113/rsinstaller.cab
#2
bump, can any kind soul help me with this? =/
#3
I can help, does that make me a kind soul?

Right, first make sure all ur files and folders are visible, do this by going into: My Computer > Tools > Folder Options > View and put on "Show hidden files and folders", while ur here uncheck "Hide extensions for known file types" and "Hide protected operating system files"

Next, reboot in Safe Mode. To do this press F8 rapidly as the computer is loading. Then look for (and delete!!) the following:

C:\Documents and Settings\All Users\Application Data\flap two hide drive\joyeach.exe

Empty ur recycle bin and the toolbar should have gone!!! Let me know what happens

JuanCarlos

Btw I should add there is an LOP remover available from the searchweb2 site but you have to ask yourself: is it wise to trust the people who've already downloaded spyware onto ur PC once before? Personally I say "no" so it's best to do it manually
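
Added example, not part of any post in this thread: a small triage pass over a flattened HijackThis log like the one in post #1, which recovers one entry per item and flags entries whose target file is missing and Run-key autostarts that launch from a data directory (the location of the file named in post #3). The sample input is constructed from five entries of that log; the function names and the `DATA_DIRS` heuristic are assumptions of this example.

```python
import re

# Constructed input: five entries copied from the log in post #1, flattened
# onto one line the way the forum rendered them.
SAMPLE = (
    r'O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file) '
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" '
    r'O4 - HKLM\..\Run: [Hide drive bits grey] C:\Documents and Settings'
    r'\All Users\Application Data\flap two hide drive\joyeach.exe '
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe '
    r'O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)'
)

# An entry starts with a section code such as "O4 - " preceded by whitespace.
ENTRY_START = re.compile(r"\s+(?=O\d{1,2} - )")
# O4 body: hive, "\..\Run:", value name in brackets, then the command line.
RUN_ENTRY = re.compile(r"(HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)")
# Assumption of this example: directories where installed software rarely
# keeps the binary it starts at logon.
DATA_DIRS = ("\\application data\\", "\\temp\\")


def split_entries(flat_log):
    """Recover one entry per list item from a flattened log."""
    return [e.strip() for e in ENTRY_START.split(flat_log.strip()) if e.strip()]


def triage(flat_log):
    """Return (section, reason, entry) for entries worth a manual look."""
    findings = []
    for entry in split_entries(flat_log):
        section, _, body = entry.partition(" - ")
        if "(no file)" in body or "(file missing)" in body:
            findings.append((section, "target file missing", entry))
            continue
        run = RUN_ENTRY.match(body) if section == "O4" else None
        if run and any(d in run.group(3).lower() for d in DATA_DIRS):
            findings.append((section, "autostart from data directory", entry))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE):
        print(f"{section}: {reason}\n    {entry}")
```

A flag here only marks an entry for manual review; it does not by itself establish that the entry is malicious.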
#4
justln hasn't been online since October 4th and isn't subscribed to receive email notifications for threads - so I doubt he'll see your help. I'd also guess that he hasn't been living with a spyware problem for over 3 months. Perhaps your help would be more valuable if you replied to more recent threads
#5
O yeh, didn't see the date
O well, his loss
#6
As the author of this thread has not responded in over 3 months, this thread will now be closed. If you need the thread reopened in the future, please PM a mod.
Thanks, Tom

Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Searchweb2 removal help! ~.~