Isearch and more...


yn

Had Isearch toolbar and apparently some extras hijack my
computer. I removed the toolbar and used several spyware
removal tools, however, IE opens in a 1x1 window.
The installer had this code (Which I altered) '<SCRIPT
language="Javascript">
selfc.blur();
selfc.resizeTo(1,1);
selfc.moveTo(10,30000);
</SCRIPT>
</HEAD>
<BODY onLoad="selfc.close()" onFocus="self.blur()">
<OBJECT classicd="clsid:1C78AB3F-A857-482e-80C0-3A1E5238A565"
codebasec="C:\install.cab" id="toolbar" height=0 width=0>'
<PARAM name="userIdc" valuec="00015"
How can I fix it?
 

Jan Il

Hi Yn :)

yn said:
Had Isearch toolbar and apparently some extras hijack my
computer. I removed the toolbar and used several spyware
removal tools, however, IE opens in a 1x1 window.
The installer had this code (Which I altered) '<SCRIPT
language="Javascript">
selfc.blur();
selfc.resizeTo(1,1);
selfc.moveTo(10,30000);
</SCRIPT>
</HEAD>
<BODY onLoad="selfc.close()" onFocus="self.blur()">
<OBJECT classicd="clsid:1C78AB3F-A857-482e-80C0-3A1E5238A565"
codebasec="C:\install.cab" id="toolbar" height=0 width=0>'
<PARAM name="userIdc" valuec="00015"
How can I fix it?

Try the programs below and see if they will help:

It is possible you may have parasites, spyware, adware,
malware, or hijackware on your system causing the problem.
Download and install, you *must* update the programs prior
to running to be sure they have the latest definitions, then
run the programs below. They are free and very effective. Be
sure to run both SpyBot and Adaware, as what one does
not detect the other may. It is important that you follow all
directions carefully:

SpyBot Search & Destroy: Free
http://download.com.com/3000-8022-10289035.html?tag=lst-0-2
or
http://majorgeeks.com/download2471.html

AdAware: Free
http://www.lavasoftusa.com/support/download/
or
http://www.majorgeeks.com/downloads31.html

AdAware Free:
Manual updates: Scroll down to Updates Available -
http://lavasoft.element5.com/support/download

(Check for Product Updates http://tinyurl.com/23lv4)

SpyBot S&D Does not delete some DSO files
http://forums.net-integration.net/index.php?showtopic=15308

CWShredder: Free
http://tinyurl.com/2l9kl
or
http://www.majorgeeks.com/download4086.html

McAfee Avert Stinger
http://tinyurl.com/2esu7
or
http://vil.nai.com/vil/stinger/


HiJackThis: - Free

Go to
http://computercops.biz/downloads-cat-14.html ,
or
http://tinyurl.com/2oce8
or
http://tinyurl.com/2atxk

and download HiJackThis. Unzip to a folder other than your Desktop or the
Temp folder, doubleclick HiJackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button. Press that, save the log some place you remember where it is. Most of
what it lists will be harmless or even required, so DO NOT fix anything yet.

Open a copy of your log in NotePad and make a copy. Then you can go here
to post your log:
http://forum.aumha.org/

Go to the HiJackThis section on the forum list and click to open. You can
post as a guest. It's also a good site to keep for reference. The experts
there will analyze the log and report back the results. Please allow at
least a few hours or a day's time for a response.

Remember, you must return to the HJT site to get your answer. It is a good
idea to click the "Notify" box so that you will get an electronic
notification by e-mail to let you know when a response has been posted.
But, you must still return to the site of your answer.

Help with Hijackware & Scumware Information:

HijackThis Quick Start Help
http://www.tomcoyote.org/hjt/

The Tutorial if you want to know more about the results or the .log file.
http://www.merijn.org/htlogtutorial.html
also
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm

Here is information on how to help protect your system:

Practice Safe Hex
http://www.claymania.com/safe-hex.html

This program helps keep parasites, spyware, adware, malware from getting
such a grip on your system:

SpywareBlaster: Free
http://www.javacoolsoftware.com/spywareblaster.html

Hope this helps.

Jan :)
 

yn

Thanks. I ran all the updated spyware tools with no
results. I am unable to access many of the help files
including http://forum.aumha.org/ (Page cannot be
displayed error)

Here is the log. Maybe somebody can help.

Thanks.
yn

Logfile of HijackThis v1.97.7
Scan saved at 5:37:45 AM, on 6/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\MDM.EXE
C:\Documents and Settings\Yuval Nir\Local Settings\Temp\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\WebSurf PopUp Killer\popupkiller.exe" -minimized
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.the-vet.net/tsweb/msrdp.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37975.3450231481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I posted it on the computer cops spyware guest forum as
well.
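
A log like the one above can be triaged mechanically. The following Python script is an added example, not part of the original posts and not HijackThis's own logic: it flags O1 entries that pin a site name to a loopback address (which keeps the browser from reaching the real site), the O8 iSearch context-menu entry, and O16 entries whose CLSID matches the one in the installer page from the first post or whose source is not a web URL. The names `triage`, `is_loopback` and the regular expressions are assumptions of this example; the sample lines are taken from the log above.

```python
import ipaddress
import re

# Entries copied from the HijackThis log posted above, with wrapped lines rejoined.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
"""

# CLSID from the <OBJECT> tag of the installer page quoted in the first post.
INSTALLER_CLSID = "1C78AB3F-A857-482e-80C0-3A1E5238A565"

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")       # section code, rest of line
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")      # address, host name
DPF = re.compile(r"^DPF: \{([0-9A-Fa-f-]{36})\}.* - (\S+)$")  # CLSID, source

def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:  # malformed address in the hosts entry
        return False

def triage(log, known_clsids=(INSTALLER_CLSID,)):
    """Return (section, reason, detail) for entries worth a closer look."""
    known = {c.upper() for c in known_clsids}
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        sec, body = m.groups()
        if sec == "O1" and (h := HOSTS.match(body)):
            # A site name mapped to 127.x.x.x resolves to the local machine.
            if is_loopback(h[1]) and h[2].lower() != "localhost":
                findings.append((sec, "site name pinned to loopback", h[2]))
        elif sec == "O8" and "isearch" in body.lower():
            findings.append((sec, "iSearch context-menu entry", body))
        elif sec == "O16" and (d := DPF.match(body)):
            if d[1].upper() in known:
                findings.append((sec, "CLSID matches the installer page", d[1]))
            elif not d[2].lower().startswith(("http://", "https://")):
                findings.append((sec, "control installed from a non-web source", d[2]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```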
 
