Search Bar!

[grimesy69]

iam now using firefox after failing to get rid of my tool bar in I.E, even after following all of real black stuffs instructions. i have stopped using I.E so i now longer see the toolbar but its still on my system. i have attatched my hijackthis log file. here is the link to a previous thread about my toolbar https://www.techspot.com/vb/topic24055.html

 

[RealBlackStuff]

C:\Documents and Settings\Dan Grimes\Desktop\hijackthis\HijackThis.exe
For the umpteenth time, MOVE Hijackthis to its own folder, NOT on the Desktop!!!!!

As I am not familiar with ColdFusion, I did not check any of its components, I'm assuming they are 'safe'.

Boot in Safe Mode.
Switch System restore OFF.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:
netserver.exe
netclient.exe
MsgPlus.exe
iexplore.exe (maybe 2 or more times)
Copy Knob.exe
Objuser.exe

UNinstall, if you can, anything to do with:
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\DOCUME~1\DANGRI~1\APPLIC~1\FilmWipe\Copy Knob.exe
This searchbar: C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (you can always reinstall if you trust it, I wouldn't!)
C:\DOCUME~1\DANGRI~1\APPLIC~1\anteheck\Objuser.exe

Next, run a HJT scan and place a tick-mark in the box before these lines (if still there):
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Netserver.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pkwumioococgefhbafszvszv...BjAuPG8wRn9tEZYKccVCv_AvTW/ucrkaUyYE4zutF.htm
O2 - BHO: (no name) - {4C0277F9-A0B6-BBC9-F341-A8738A9B76EE} - C:\DOCUME~1\DANGRI~1\APPLIC~1\FilmWipe\Copy Knob.exe
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Keep Cdrom] C:\DOCUME~1\DANGRI~1\APPLIC~1\anteheck\Objuser.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
Unless this O17 is YOUR ISP, fix it:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB8B84A-2B48-409C-882C-E25214CD6548}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: NetServer - Unknown owner - C:\WINDOWS\system32\Netserver.exe" -service (file missing)

You need to decide if you want to fix this. The (file missing) indicates some error. HJT can 'fix' it, but I don't know the consequence.
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)

When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
Also delete these files (should be in the same directory as C:\WINDOWS\system32\netserver.exe):
_setup.1
_setup.2
_setup.lib
netclient.exe
netserver.exe

Boot normal. When all OK, switch System Restore back on.

 

[grimesy69]

search bar

thankyou realblack stuff my toolbar has now gone thanks for all your help

grimesy