Hi. I figured I was pretty experienced in spyware removal so far... but I have a new problem. I have a toolbar from www.mysearchnow.com that keeps coming back after I remove it. I have HiJackThis! and I try to delete every entry I can that I think relates to this search bar, but in about 3 days or so it comes back! I have posted the HiJackThis! scan log below. Maybe I missed a checkbox? Maybe I have to delete a file on my computer? Can anyone give me a COMPLETE list of what to do to TOTALLY clear this goddamned search bar from my computer permanently? THANKS!!!

Logfile of HijackThis v1.95.0
Scan saved at 8:32:09 PM, on 6/1/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Navnt\POProxy.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Daemon\daemon.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SAVE4C~1\ball eq balm.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\ICQPlus\vplus.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Winamp3\Studio.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=searchweb2.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=http=localhost:8080;https=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll
O2 - BHO: (no name) - {B7B1DF11-90A4-20A2-F921-7F0ED8C7016C} - C:\PROGRA~1\SENDBO~1\KeepBits.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll
O3 - Toolbar: Second Gram - {0F3CEB4F-20B3-46C3-E157-13B3C9562F59} - C:\PROGRA~1\SENDBO~1\KeepBits.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Navnt\POProxy.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [inside atom] C:\PROGRA~1\SAVE4C~1\ball eq balm.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [ICQ Plus] "C:\Program Files\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: The Proxomitron.lnk = C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/050facb35781ce66e821/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37914.6545138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/ieplugin.CAB

GMT.exe is a Gator program (adware, possibly spyware and/or trojan/virus)
CMEsys.exe is a similar bastard.
C:\PROGRA~1\SAVE4C~1\ball eq balm.exe looks suspicious
C:\PROGRA~1\SENDBO~1\KeepBits.dll ditto
[TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot is a common suspect (tinkerbell)
Your last entry http://download.rfwnad.com/cab/ieplugin.CAB does not look kosher either.

Unless you have a very good reason to keep any of the above, remove them and their associated junk.
Then uninstall that searchbar.

surf here for a free quick online test:
http://www.webroot.com/services/spyaudit_03.htm
I find them quite good, in addidtion to Adaware and Spybot.

Maybe you should visit that porn site less often? Or at least using a non-IE browser

You should consider running several anti-spyware programs and keeping them up to date. They need constant updates just like AV progs.

Turning up IE security is a good idea too.

Of course, be sure when you run both Adaware and Spybot S&D that you have the most recent definition updates. Also get the most recent detection engines, if you haven't.

Try that in safemode, then rerun hijack this immediately after a reboot, let us see what comes up. I know S&D goes after tinkerbell, not sure about the other stuff RBS mentioned.

Nodsu's right, using Mozilla helps avoid much of this nonsense, but his flame wasn't needed.

let us know how it goes.