MySearchNow bar

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by silhouette_07, May 28, 2004.

  1. silhouette_07

    silhouette_07 Private E-2

    I guess I have an intelligent hijacker... I've tried using Spybot S&D, HijackThis, Ad-Aware, BHODemon, and every single time it's removed it. But sometimes without restarting, and sometimes with, it re-appears. It always changes the start page, and sometimes has a bar embedded in IE, and sometimes at the bottom of the screen. I have System Restore turned off. Norton Antivirus doesn't find anything either. Any help would be great... thanks!
     
  2. luma13

    luma13 Private E-2

    Have you tried uninstalling it from your system? I have had to fix a few computers with that problem, and the only thing that would work is if I uninstalled it from the programs list and then ran Spybot, Ad-Aware and HijackThis.

    That would get it away from the computer for good.

    ~LuMa
     
  3. silhouette_07

    silhouette_07 Private E-2

    Yup, I've tried CWShredder too, and it said I was clean. Also, it does not appear anywhere in the 'add/remove programs' folder so I can't uninstall it there. Any other ideas there? I just ran HijackThis earlier today, so the bar is gone for the moment, but when it re-appears again, likely tomorrow, I'll post it then. Until then, any other ideas would be great. Thanks!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Silhouette, we really need to see your complete HijackThis log. Before running it, shut down all the applications you can, especially Windows and Internet Explorer windows. Then run HijackThis and save the log. Now reconnect to MajorGeeks and post your log here.
     
  5. silhouette_07

    silhouette_07 Private E-2

    Alright, it's back, and here's my HijackThis log. I'm running Norton AV, and I think Spybot Search & Destroy. That should be the only antivirus I have. Obviously #1-5 and #7 should be the ones to delete, and I'm guessing the ones with 'Lies Jugs.dll' etc. in it... but I guess I'll shut up and let you tell me what to do now :)

    Logfile of HijackThis v1.97.7
    Scan saved at 11:15:04 AM, on 5/29/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\pch2.exe
    C:\HijackThis\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
    O2 - BHO: (no name) - {21AF1157-D0D5-6D0F-F0C1-B06B972C8EB6} - C:\PROGRA~1\TRUSTT~1\Lies Jugs.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: real else vc - {069CAF45-D627-6008-7DEC-C18A421037C2} - C:\PROGRA~1\TRUSTT~1\Lies Jugs.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [OnlineCdrom] C:\PROGRA~1\ATOMDE~1\32third.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg Scheduler.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38131.5787152778
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First, download and run CWShredder from here: http://www.majorgeeks.com/download4086.html
    and select Fix.

    Second, shut down all applications and windows and use Task Manager to kill the following processes if running:
    C:\PROGRA~1\ATOMDE~1\32third.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\pch2.exe

    Now run HijackThis and have it fix the following items:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
    O2 - BHO: (no name) - {21AF1157-D0D5-6D0F-F0C1-B06B972C8EB6} - C:\PROGRA~1\TRUSTT~1\Lies Jugs.dll
    O3 - Toolbar: real else vc - {069CAF45-D627-6008-7DEC-C18A421037C2} - C:\PROGRA~1\TRUSTT~1\Lies Jugs.dll

    O4 - HKLM\..\Run: [OnlineCdrom] C:\PROGRA~1\ATOMDE~1\32third.exe
    O4 - Startup: PowerReg Scheduler.exe

    Now boot in safe mode and delete the below if they are still there (make sure in Windows Explorer under Tools -> Folder Options, you have enabled viewing of hidden files and do not hide extensions for known file types):

    C:\PROGRA~1\ATOMDE~1\32third.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\pch2.exe
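
The log in post 5 and the fix list above can be cross-referenced mechanically. This Python sketch is an added example, not part of the original thread and not part of HijackThis; its function names are hypothetical. It groups a HijackThis log by the host written into IE's R0/R1 keys, by the file behind each O2/O3 registration, and by processes running from a Temp directory, so every entry tied to one host or file is seen together. The groupings are for review, not a verdict on any entry.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse
# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\user\LOCALS~1\Temp\pch2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O2 - BHO: (no name) - {21AF1157-D0D5-6D0F-F0C1-B06B972C8EB6} - C:\PROGRA~1\TRUSTT~1\Lies Jugs.dll
O3 - Toolbar: real else vc - {069CAF45-D627-6008-7DEC-C18A421037C2} - C:\PROGRA~1\TRUSTT~1\Lies Jugs.dll
"""
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "R1 - ...", "O16 - ..."
R_VAL = re.compile(r"^(.+?) = (.*)$")                    # registry key = value
O_FILE = re.compile(r"^.+? - \{[0-9A-Fa-f-]+\} - (.+)$")  # name - {CLSID} - file

def parse(log):  # returns (running process paths, [(section code, text)])
    procs, entries, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append(m.groups())
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and re.match(r"[A-Za-z]:\\", line):
            procs.append(line)
    return procs, entries

def hosts_by_key(entries):  # host in an R0/R1 value -> IE registry keys holding it
    out = defaultdict(list)
    for code, text in entries:
        m = R_VAL.match(text) if code in ("R0", "R1") else None
        if m and m.group(2):
            url = m.group(2) if "://" in m.group(2) else "http://" + m.group(2)
            out[urlparse(url).hostname].append(m.group(1))
    return dict(out)

def sections_by_file(entries):  # O2 (BHO) / O3 (toolbar) file -> sections using it
    out = defaultdict(set)
    for code, text in entries:
        m = O_FILE.match(text) if code in ("O2", "O3") else None
        if m:
            out[m.group(1).lower()].add(code)
    return dict(out)

def temp_processes(procs):  # running images located under a Temp directory
    return [p for p in procs if "\\temp\\" in p.lower()]
```

Run against the full log, the same grouping shows each host and file alongside all of its registrations in both HKCU and HKLM.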
     
  7. silhouette_07

    silhouette_07 Private E-2

    Ran CWShredder and it said I was completely clean. I ran HijackThis and fixed all the suggested items, and it seems to have worked for now. But I could not find pch2.exe in Task Manager, so I couldn't get rid of it. But other than that, it seems fine. Any reason why it might come back again after all this?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Look for both of those programs:

    C:\PROGRA~1\ATOMDE~1\32third.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\pch2.exe

    by doing a file search on your PC. If you find them, delete them.
     
  9. janet

    janet Private E-2

    Hi, I'm new here... I don't know how to create a new thread... I have this hijacked browser too... can't get rid of the MySearchNow bar... can anyone help me?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See this: How To Post A New Thread Requesting Support

    Do not post a HijackThis log unless we ask for one. Before you start a new thread for a problem, please refer to this: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Then, if you still have a problem, start a new thread, describe your problem, and tell us that you ran ALL the steps of the READ ME FIRST and what the results were. Make sure you describe your remaining problems.
     
