
Once again HELP!

Several times I asked for your help with the same issue.... this "SearchBar" that keeps appearing in my IE! I do not know what to do; you told me to erase some files after I used HijackThis, but the bar is still there. Now when I want to use HijackThis, a window appears that says some DLL file is missing, and something similar happens when I try to use the Omega software. How can I get rid of this plague!! This searchbar from "Search the Web!" is making me crazy.
Please help me with this problem.

Eduardo Celis, MD

PS: Is there not a law that stops these companies from giving us these terrible problems??

Comments

  • Crunchie Mandurah. Western Australia. Member
    edited January 2005
    We all are responsible for what is installed on our PCs. If it is set up securely and we do not go where we shouldn't and do not click on things we know better than to, then we are well on the way to an enjoyable internet experience :).
    Having said that, if you wish to post your hijackthis log, please do so.
    Make certain that it is version 1.99 and that it is installed in a permanent folder and not in a temporary folder. Something like this:

    Click My Computer, then C:\
    In the menu bar, File->New->Folder.
    That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.
  • edited January 2005
    As you told me, I created a new folder where I put the HJT.exe, but it still doesn't work; each time I want to run the program a window appears: "A DLL file is missing: MSVBVM60.DLL"
    How can I solve this problem?
    Thanks for the help.

    Eduardo Celis, MD
  • Crunchie Mandurah. Western Australia. Member
    edited January 2005
  • edited January 2005
    OK, it works; now the HJT is working. Here is what I get; please tell me what to do next in order to eliminate this SearchBar.
    Thanks for all

    Eduardo Celis, MD

    Logfile of HijackThis v1.99.0
    Scan saved at 04:58:33 p.m., on 09/01/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
    C:\ARCHIVOS DE PROGRAMA\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\ARCHIVOS DE PROGRAMA\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\ARCHIVOS DE PROGRAMA\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\ARCHIVOS DE PROGRAMA\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\ARCHIVOS DE PROGRAMA\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
    C:\ARCHIVOS DE PROGRAMA\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
    C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
    C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
    C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
    C:\ARCHIVOS DE PROGRAMA\LOGITECH\XEROX TEXTBRIDGE CLASSIC\BIN\SMCACCTR.EXE
    C:\ARCHIVOS DE PROGRAMA\HANDSPRING\HOTSYNC.EXE
    C:\ARCHIVOS DE PROGRAMA\LOGITECH\XEROX TEXTBRIDGE CLASSIC\BIN\TBMENU.EXE
    C:\ARCHIVOS DE PROGRAMA\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
    C:\ARCHIVOS DE PROGRAMA\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\ARCHIVOS DE PROGRAMA\MCAFEE.COM\VSO\MCVSFTSN.EXE
    C:\ARCHIVOS DE PROGRAMA\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
    C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    D:\MIS DOCUMENTOS\LALO\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pbwwiojjfpzqnhe.com/Zf_RcbRiDrw4JC8UFBfjfPfksVlHMwd0SCIKzCBep7eF2O/Zc6il5Bky30wO1j04.cgi
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: (no name) - {860917A9-2E04-6B09-D3A9-59993BAB158A} - C:\WINDOWS\APPLICATION DATA\OOZE DUPE\32 BLUE.EXE
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\ARCHIVOS DE PROGRAMA\MCAFEE.COM\VSO\MCVSSHL.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARCHIV~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\ARCHIV~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\ARCHIV~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\ARCHIV~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [MPFExe] C:\ARCHIV~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Archivos de programa\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [BoltMixFilmKeep] C:\WINDOWS\All Users\Application Data\send axis bolt mix\4keep.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [PAV.EXE] C:\ARCHIV~1\PERAV\PAV.EXE
    O4 - HKLM\..\RunServices: [MDM7] "C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
    O4 - HKLM\..\RunServices: [McVsRte] C:\ARCHIV~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Archivos de programa\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
    O4 - HKCU\..\Run: [msnmsgr] "C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [FindBurn] C:\WINDOWS\APPLIC~1\FLAGWA~1\Help Proxy.exe
    O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
    O4 - Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: TextBridge Access Control.lnk = C:\Archivos de programa\Logitech\Xerox TextBridge Classic\bin\SMCACCTR.EXE
    O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\Handspring\HOTSYNC.EXE
    O4 - Startup: hpoddt01.exe.lnk = C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Startup: hp psc 1000 series.lnk = C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\ARCHIV~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mid: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .wav: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: ConferenceRoom Java Client - http://chat.interlatin.com/java/cr.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adsl
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.48.225.130,200.48.225.146
  • SpywareShooter 127.0.0.1
    edited January 2005
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pbwwiojjfpzqnhe.com/Zf_R...Bky30wO1j04.cgi
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: (no name) - {860917A9-2E04-6B09-D3A9-59993BAB158A} - C:\WINDOWS\APPLICATION DATA\OOZE DUPE\32 BLUE.EXE
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Archivos de programa\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [BoltMixFilmKeep] C:\WINDOWS\All Users\Application Data\send axis bolt mix\4keep.exe
    O4 - HKCU\..\Run: [FindBurn] C:\WINDOWS\APPLIC~1\FLAGWA~1\Help Proxy.exe

    Fix those entries then find and delete the following files:
    C:\WINDOWS\APPLICATION DATA\OOZE DUPE\
    C:\Archivos de programa\Common files\SearchUpgrader\
    C:\WINDOWS\All Users\Application Data\send axis bolt mix\
    C:\WINDOWS\APPLIC~1\FLAGWA~1\Help Proxy.exe

    Then reboot and post a new log.
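
An added example, not part of the thread and not SpywareShooter's method: a small Python triage pass over HijackThis entries like the ones flagged above. The three rules and the host allowlist are assumptions chosen for illustration (IE search URL on an unlisted host, BHO with no file, autostart binary under a user data directory).

```python
import re
from urllib.parse import urlparse

# Assumption: hosts this analyst accepts as IE search settings.
ALLOWED_SEARCH_HOSTS = ("yahoo.com", "msn.com", "microsoft.com")
# Per-user data directories, in long and 8.3 short form as the log shows them.
USER_DATA_DIR = re.compile(r"\\(APPLICATION DATA|APPLIC~\d)\\", re.I)
# A HijackThis entry line: section code (R1, O2, O4, ...) then " - " and the body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

# Lines copied from the log in this thread (search bar URL as abbreviated in the reply).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pbwwiojjfpzqnhe.com/Zf_R...Bky30wO1j04.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {860917A9-2E04-6B09-D3A9-59993BAB158A} - C:\WINDOWS\APPLICATION DATA\OOZE DUPE\32 BLUE.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Archivos de programa\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [BoltMixFilmKeep] C:\WINDOWS\All Users\Application Data\send axis bolt mix\4keep.exe
O4 - HKCU\..\Run: [FindBurn] C:\WINDOWS\APPLIC~1\FLAGWA~1\Help Proxy.exe
"""

def triage(log_text):
    """Return (code, body, reasons) for each entry matching a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank line
        code, body = m.groups()
        reasons = []
        if code in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
            if host and not any(host == h or host.endswith("." + h)
                                for h in ALLOWED_SEARCH_HOSTS):
                reasons.append("IE URL host not in allowlist: " + host)
        if code == "O2" and body.rstrip().endswith("(no file)"):
            reasons.append("BHO registered but its file is missing")
        if code in ("O2", "O4") and USER_DATA_DIR.search(body):
            reasons.append("autostart binary under a user data directory")
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(code, "|", body, "|", "; ".join(reasons))
```

These rules surface five of the six entries listed in the reply above; the SearchUpgrader Run entry sits under a program-files path and matches none of them, so the output is a starting point for manual review of the log.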