Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remove Blue Search Toolbar in IE 2

Status
Not open for further replies.
TOTCOM11

TOTCOM11

Programmer
Joined
Aug 5, 2003
Messages
199
Location
US
As the subject line suggests, I'm trying to remove a blue search toolbar, that automatically installed itself on my IE browser. I have tried using programs suchs as PestPatrol and Ad-Aware, but none of these programs have been able to remove the toolbar. The frustrating thing is I use the Google toolbar which I really love. But this annoying blue serach toolbar replaces the Google toolbar, even after I remove the blue toolbar and manually replace it with Google. If I actually try using the blue search toolbar, it takes me to Lop.com, which I'm sure is the site that installed the damn thing on my computer in the first place. Does anyone have any suggestions of what I can do to get rid of this menace?

TOTCOM11
 
Sort by date Sort by votes
I forgot to mention the name of the toolbar when I go to "uncheck" it and put google up instead is "atglglyoust". I tried SpyBot as well, and it did not get rid of the problem. If I try doing this manually with the provided link, does it take a long time to get rid of the problem?

TOTCOM
 
Upvote 0 Downvote
It should not take you long to do it manually. Just substitute "atglglyoust" where appropriate in the instructions. The lop parasite is a pain because of the random name assignments, but the instructions have worked flawlessly in my experiences with this malware. BE SURE and back up your registry before you do the registry edits, for safety's sake. Post back if you need help.
 
Upvote 0 Downvote
OK, I tried going through the manual instructions, but I did not find ANY of the examples that were in the data applications folder OR the registry. However, there were files in the data application folder. The instructions said that most likely there shouldn't be any files, just folders. What should I do?
 
Upvote 0 Downvote
Download Hijack This. Post your log file after running it (just copy it out of the window and paste it in here). We'll go from there.
 
Upvote 0 Downvote
Here goes nothing:

Logfile of HijackThis v1.97.3
Scan saved at 12:44:06 PM, on 11/4/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\iPod\Bin\iPodSrv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iPod\Bin\iPodWatcher.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\Icon Text Manager.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\UltimateZip\uzqkst.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\KaZaA Lite\Kazaa.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PestPatrol\PPMemCheck.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\WINDOWS\regedit.exe
C:\Xtra\Download\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {d0cae62c-4de7-42be-a398-815a83894644} - C:\DOCUME~1\VESTCR\APPLIC~1\lyqxofgbr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: atglglyoust - {2c2646a8-8a1a-4ba8-b1bc-196dc611d14e} - C:\DOCUME~1\VESTCR\APPLIC~1\lyqxofgbr.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iPodWatcher] C:\Program Files\iPod\Bin\iPodWatcher.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [Icon Text Manager] C:\WINDOWS\System32\Icon Text Manager.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\System32\LVComS.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: Yahoo! Fleet - O16 - DPF: Yahoo! NFL GameChannel StatTracker - O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - O17 - HKLM\System\CCS\Services\Tcpip\..\{C8D64E1F-C9F1-4BEC-9759-F07A1DCC12F8}: NameServer = 65.43.19.26 206.141.192.60


Let me know what you think I should do.
Thanks,
TOTCOM
 
Upvote 0 Downvote
Run it again, this time check the very last entry,
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8D64E1F-C9F1-4BEC-9759-F07A1DCC12F8}: NameServer = 65.43.19.26 206.141.192.60

and let Hijack This remove it..
 
Upvote 0 Downvote
Also, go into your Control Panel, Add/Remove Programs and see if you find anything to the tune of "Window Active" or "Browser Enhancer" or "Ultimate Browser Enhancer" listed there. If so, remove it.
Lop's a real PIA. There's many ways to go about it, or so I keep learning.
 
Upvote 0 Downvote
Gotta quit clcking so fast. Also, remove these entries with Hijack This:

O2 - BHO: (no name) - {d0cae62c-4de7-42be-a398-815a83894644} - C:\DOCUME~1\VESTCR\APPLIC~1\lyqxofgbr.dll

O3 - Toolbar: atglglyoust - {2c2646a8-8a1a-4ba8-b1bc-196dc611d14e} - C:\DOCUME~1\VESTCR\APPLIC~1\lyqxofgbr.dll
 
Upvote 0 Downvote
Thank you so much! You deserve a star for that! It's been taking me forever to figure out how to get rid of that damn thing. Once again, thank you so much for your time.

TOTCOM
 
Upvote 0 Downvote
You're welcome. Just out of curiousity...did you have an entry in your Add/Remove Programs list?
 
Upvote 0 Downvote
No I didn't, which I thought was weird. Most sites that I had visited that talked about the lop toolbar, said most likely there would be an entry in the Add/Remove programs as you had previously stated. I'm just glad it's over and done with.
 
Upvote 0 Downvote
Thanks. Me too.
The problem with 'lop' is that is has evolved constantly. Used to be easy to clean, then got more sophisticated. A lot of what's out there on it is outdated (kind of like the ISearch hijack, I recently learned.)
At any rate, good luck!
 
Upvote 0 Downvote
AFAIK all these kinds of hijackware start off with a user saying -yes- to an activeX prompt somewhere?

Or getting & running an executable email attachment?

Since the cure is so painful, I think prevention might be a good idea (don't click yes to activeX stuff, definitely don't have them set to auto run in your IE settings).

Or, don't use IE. I don't even see those activeX prompts with firebird.

Thoughts?

Posting code? Wrap it with code tags: [ignore]
Code: 
[/ignore][code]CodeHere
[ignore][/code][/ignore].
 
Upvote 0 Downvote
Newsflash, the cure wasn't that painful. Internet explorer works great for me, and even Mozilla and Netscape has issues with this. Thanks for your concern, but my problem is already fixed.
 
Upvote 0 Downvote
clarkin,

Afraid you're a little misinformed, you should read up on your spyware.
A great many of the currently known malware/spyware apps don't ask for consent, hence the name hijack.
A number that grows daily, are drive-by malwares that come on board as a way of saying "thanks for stopping by."
As TOTCOM11 notes, the cure isn't very painful.
Your browser is your choice. Don't be instrusive.
 
Upvote 0 Downvote
Hi!

I've been reading the posts here about the lop toolbar. I got rid of it once but now, it's back and I can't seem to get rid of it this time. I used Ad-aware and it found lots of lop entries which I quarantined and thought that was the end of it. Unfortunately, that wasn't. Next, I used Spybot and that found a few things that Adaware had missed. Unfortunately, that irritating blue bar is still there.

The letters that I found in the view/toolbars area are mcrcrgreafr.

I saw the previous message about using HijackThis and here is the information I received.

Please let me know what to delete to get rid of this bar once and for all:


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\minilog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\RoboMagic\MoonPhase\moon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Devices\UD.exe
C:\Program Files\United Devices\ud_1396140.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\United Devices\ud_1396140_0.dir\ud_ligfit_Release.exe
F:\Applications\Hijackthis ad removal stuff\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: (no name) - {a7ebd5b0-39f9-4cc2-a541-32cf3277d76e} - C:\DOCUME~1\Jan\APPLIC~1\hstqsqugcr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: mcrcrgreafr - {b9000724-05dd-4ca3-9bff-9aa0f97c5179} - C:\DOCUME~1\Jan\APPLIC~1\hstqsqugcr.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Startup: Shortcut to msmsgs.lnk = C:\Program Files\Messenger\msmsgs.exe
O4 - Startup: Shortcut to UD.lnk = C:\Program Files\United Devices\UD.exe
O4 - Startup: Shortcut to zapro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Startup: Yahoo! Messenger.lnk = C:\Program Files\Yahoo!\Messenger\YPager.exe
O4 - Global Startup: MoonPhase.lnk = C:\Program Files\RoboMagic\MoonPhase\moon.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 2.1.0.84 - O16 - DPF: ChatSpace Full Java Client 4.0.0.300 - O16 - DPF: ChatSpace Java Client 2.1.0.84 - O16 - DPF: ChatSpace Java Client 2.1.0.84N - O16 - DPF: Yahoo! Chat - O16 - DPF: {01112303-3E00-11D2-8470-0060089874ED} - O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
Thank you,
Shykat
 
Upvote 0 Downvote
Delete these:

O2 - BHO: (no name) - {a7ebd5b0-39f9-4cc2-a541-32cf3277d76e} - C:\DOCUME~1\Jan\APPLIC~1\hstqsqugcr.dll

O3 - Toolbar: mcrcrgreafr - {b9000724-05dd-4ca3-9bff-9aa0f97c5179} - C:\DOCUME~1\Jan\APPLIC~1\hstqsqugcr.dll

 
Upvote 0 Downvote
Carrr,

Thank you very much! That certainly did the job at getting rid of that irritation.

Is there a good way to prevent it from happening again??

The only thing that had changed before getting that blue search bar was the update of MSN Messenger Plus. :( This happened to me one time before but I can't remember if it was after installing the MSN Messenger Plus or updating it or what it might have been after but I was able to get rid of the toolbar the last time but none of those tricks worked this time.

Thanks to your timely help, I am blue toolbar free once again.

Thank you,
Shykat
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

moveit
  • Locked
  • Question Question
Firefox will not let me sign in to my Tesco account
Replies
4
Views
2K
teknance
teknance
Tedwhite
  • Locked
  • Question Question
How To Fix Firefox Freezing Issue In Windows 10?
Replies
2
Views
1K
Tedwhite
Tedwhite
demigod7
  • Locked
  • Question Question
No internet in browser even after being connected to the internet
Replies
1
Views
819
xwb
xwb
weberm
  • Locked
  • Question Question
How do I keep the Favorites bar from reappearing in Windows 10?
Replies
2
Views
664
Finsery
Finsery
goombawaho
  • Locked
  • Question Question
Google search results look different in Firefox as of today
Replies
3
Views
551
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top