Help With Hijack, Please

I just got rid of Weather bug from my son's computer,
You can go to add/remove programs and see if you can remove it that way, Killed the remains of it with HJT, Also tick it off from msconfig
Can you run HJT on her computer copy to disk and post it from yours ?

Okay, I may have a second here before geetting redirected to error place... my current hell!

For several days I've had a redirect to errorplace where I then get a "Do you want to install Joystick?" which is a Media Motor product. I say no and get another popup that says I have to say yes in order to continue. I X out of that and get left with a blank page.

I've also had my search sidebar hijacked. Appears to be part of the same jerks idea of fun. This is all malware / spyware from what I can tell.

Well, I've gone into everything I know to do, and there were hundreds of things needing to be deleted. I cleaned cache, reset internet settings, emptied cookies, files, history, and all of that and restarted. Nope... Still there. It keep coming back. Even folders I deleted are getting replaced. (Bargain Buddy, Search Locate, etc.)

So, following is my HJT log. Can someone tell me what else needs to be deleted and if it needs to be in safe mode, how do I do that? My computer starts so fast I barely see the start-up page, so if I'm suppose to hit esc or something let me know if I do it as soon as I see the start-up.

Logfile of HijackThis v1.98.2
Scan saved at 11:07:54 PM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\yzbalkjuk.exe
C:\WINDOWS\uqrr.exe
C:\WINDOWS\dihqsgu.exe
C:\WINDOWS\dcwhubl.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nc.rr.com/
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: BrowserAngel Sidepanel - {D6CA5D91-5EA2-4654-9B75-499267012611} - C:\Program Files\SearchLocate\sidebar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {C50E1306-B84E-47E0-9958-3BB90E2DCDCB} - C:\WINDOWS\ngdigk.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {CC6E5F28-4BE0-4473-8E92-79E56DF911A0} - C:\WINDOWS\edvucd.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BA Toolbar - {952EC978-4920-4F18-8237-91D69B54C580} - C:\Program Files\SearchLocate\sidebar.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [kjuxvsz] C:\WINDOWS\yzbalkjuk.exe
O4 - HKLM\..\Run: [wjotcpdm] C:\WINDOWS\uqrr.exe
O4 - HKLM\..\Run: [vgznulm] C:\WINDOWS\dihqsgu.exe
O4 - HKLM\..\Run: [hdscn] C:\WINDOWS\dcwhubl.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109

I think HJT may have fixed a couple of things, but it is still happening, so I need to know what gets the big boot to the trash can here. Thanks in advance.

Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: BrowserAngel Sidepanel - {D6CA5D91-5EA2-4654-9B75-499267012611} - C:\Program Files\SearchLocate\sidebar.dll (file missing)
O2 - BHO: jimmyhelp.CBrowserHelper - {C50E1306-B84E-47E0-9958-3BB90E2DCDCB} - C:\WINDOWS\ngdigk.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {CC6E5F28-4BE0-4473-8E92-79E56DF911A0} - C:\WINDOWS\edvucd.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll
O3 - Toolbar: BA Toolbar - {952EC978-4920-4F18-8237-91D69B54C580} - C:\Program Files\SearchLocate\sidebar.dll (file missing)
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [kjuxvsz] C:\WINDOWS\yzbalkjuk.exe
O4 - HKLM\..\Run: [wjotcpdm] C:\WINDOWS\uqrr.exe
O4 - HKLM\..\Run: [vgznulm] C:\WINDOWS\dihqsgu.exe
O4 - HKLM\..\Run: [hdscn] C:\WINDOWS\dcwhubl.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe

. Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD
C:\WINDOWS\ngdigk.dll
C:\WINDOWS\edvucd.dll
svchosting.exe
C:\WINDOWS\yzbalkjuk.exe
C:\WINDOWS\uqrr.exe
C:\WINDOWS\dihqsgu.exe
C:\WINDOWS\dcwhubl.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe <<Delete the entire folder

Restart your computer and post back a fresh log please

Thank you, Don. Gonna give it a try. Thought the last half dozen items were strange looking but didn't want to delete them until I knew for sure. That may be why this mess keeps coming back.

Will repost new log shortly.

Okay, I got all of that + some other stuff that appeared. Here's my new log. Did I get it all? Hey, I think I'm learning to read this stuff! Still not sure about the ones in bold...




Logfile of HijackThis v1.98.2
Scan saved at 10:08:47 PM, on 9/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nc.rr.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109

Those 2 must go, Have HJT fix them the same way you did the others,
Before you do I m assuming you have Ad-aware, Check it for updates, But don't run it yet,

Have HJT fix the above, Then reboot to safe mode and search for and delete
C:\WINDOWS\System32\mscb.dll
C:\WINDOWS\System32\msbe.dll
While still in safe mode scan with Ad-aware,
Next restart your computer and scan again with it,

I need to go stare at the inside of my eyelids I will check back tomorrow



This one is legit "Internet Explorer Radio Bar"

Okay, I'm not seeing anything in the HJT Log, but for some reason my sidebar/ search is still hijacked. It SAYS:

(Note that there is no MSN logo at the top of the sidebar. No color or anything, just jumps into a plain white search sidebar)

Choose a category for your search:

O Find a Web page
O Find a person's address
O Find a business
O Find a map
O Look up a word
O Find a picture
O Previous searches

Then a search box to enter your query with a search button to click. Next to the button it says Brought to you by MSN Search

Search for other items: (these are links)
Files or Folders
Computers
People

So I enter a query and click search button. It takes me to:

We can't find "g.msn.com"

You can try again by typing the URL in the address bar above.
Or, search the Web:

Go to MSN Search to see complete results for "g.msn.com".

Check availability or register the domain name 'g.msn.com'.
--------------------------------------------------------------------------------

More information about this error.
About Results

Powered by MSN Search


?2003 Microsoft Corporation. All rights reserved. Terms of Use TRUSTe Approved Privacy Statement

Now, what is interesting is that:

We can't find "g.msn.com" links to http://g.msn.com/0SEENUS/images/dns-info.gif

You can try again by typing the URL in the address bar above.
Or, search the Web:


Go to MSN Search to see complete results for "g.msn.com". Links to http://search.findwhatevernow.com/search.jsp?AF=cmgrb&term=online+casino



Check availability or register the domain name 'g.msn.com'. links to http://search.findwhatevernow.com/search.jsp?AF=cmgrb&term=debt%2Bconsolidation
--------------------------------------------------------------------------------

More information about this error. Links to http://search.findwhatevernow.com/search.jsp?AF=cmgrb&term=viagra

About Results links to http://search.findwhatevernow.com/search.jsp?AF=cmgrb&term=travel

Powered by MSN Search links to http://search.findwhatevernow.com/search.jsp?AF=cmgrb&term=credit%2Bcards


?2003 Microsoft Corporation. All rights reserved. Terms of Use TRUSTe Approved Privacy Statement links to http://g.msn.com/0SEENUS/SAWS01?!&FORM=IE6

Will post my HJT log again to see if anyone knows what to do to get my REAL MSN search back.

Hi again squinney

Give this a shot
Close all Internet Explorer windows.
Open Control Panel. Click Start>Settings>Control Panel.
Double-click the Internet Options icon.
In the Internet Properties window, click the Programs tab.
Click the "Reset Web Settings…" button.
Select "Also reset my home page." Click Yes.
Click OK.

Post back a fresh log too please

Thank you, Don.

BTW, in my HKCU\ software\ microsoft\ internet explorer\ main file the g.msn file you had me get rid of was still showing up today. I changed it through regedit to http:\\ie.msn.com. That started giving me a "cannot be found" page when I open search in IE. Any idea what that link should be?

Here's the lnewest log:

Logfile of HijackThis v1.98.2
Scan saved at 12:20:18 AM, on 9/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nc.rr.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109

So, any idea how to get my search sidebar back?

Is this the page?

I have this problem too, if anyone finds a solution please help.