mysearchnow:(!!!!

Unknown

Hello!

Since i have downloaded MSN Messenger Plus!, a search bar (from mysearchnow) appears at the bottom of my screen, and also advertisements everytime i open up Internet Explorer.
I uninstalled Messenger Plus!, but the search bar remains on my computer.

I already scanned my computer with spybot and ad-aware, but they found nothing about this matter. Then i used HijackThis (see the report below).

I also tried to delete the following line, but it reappears everytime i restart my computer: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/...g/mail?.intl=fr

Could you please help me to get rid of this. Thank you very much
Here is the Hijack report:


Logfile of HijackThis v1.98.0
Scan saved at 21:57:28, on 05/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\tppaldr.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
E:\Multimedia\Winamp3\winampa.exe
C:\WINDOWS\System32\msawindows.exe
C:\PROGRA~1\LESS BASH LICENSE\KNOB AXIS.exe
E:\bureautique\Money\System\reminder.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Winrar\WinRAR.exe
C:\DOCUME~1\Nath\LOCALS~1\Temp\Rar$EX00.359\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/...g/mail?.intl=fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\bureautique\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BAT BASE - {652FAB99-77B1-ABD2-93EE-5A92A2B75DA7} - C:\PROGRA~1\GrimMail\Play List.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WinampAgent] "E:\Multimedia\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe
O4 - HKLM\..\Run: [Draw road] C:\PROGRA~1\LESS BASH LICENSE\KNOB AXIS.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
O4 - HKCU\..\Run: [Reminder] E:\bureautique\Money\System\reminder.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: ADILOOK Français sur disque C.LNK = C:\COKTEL\ADI4\ADILOOK.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Multimedia\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab28578.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab28177.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yah...utocomplete.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.com...ebio5_1_6_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...wn.cab28177.cab

gibbonsl

looks like you have this

http://www.spywareguide.com/product_show.php?id=24

try this removil tool

http://www.spywareguide.com/product_show.php?id=24

vince_gyver1

Ok, thanks.

I scan my pc with XoftSpy 3.41, and it found 20 files and registries (value and key). Does it mean all these files and registries need to be removed?

Maybe some of them are necesary...?

Thanks for you answer

vince_gyver1

Are there FREE solutions to get rid of this "mysearchnow" toolbar?? Dont want to pay $20 for that!!

Thanx

DanG

Just so you know for next time, you are given the option to install MSG plus both with and without the adware.

vince_gyver1

Thank you, i knew that.

But i would apreciate if somebody could read my HijackThis log and give her/his interpretation.
Thank you, this search bar is driving me crazy.

Dexter

Helping via PM...

Dexter...