• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
jcv

isearch has hijacked me!

15 posts in this topic

Hi all,

 

This is my 1st post here. I read the FAQ and I'm pretty sure I've done everything right.I have the latest version of Spybot S&D and I ran it, removed the checked entries then re-booted my computer. I then ran "HijackThis" and my log is below.

 

My computer is all messed up. My browser has beed taken over by "isearch", I get constant "Windows Messenger" pop-ups and everything runs very slow.

 

Any help is really appreciated... here is my log:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:42:33 PM, on 5/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

C:\PROGRA~1\aim\aim.exe

C:\WINDOWS\System32\msgked.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe

C:\WINDOWS\System32\GEARSEC.EXE

C:\PROGRA~1\Iomega\System32\ActivityDisk.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.emachines.com/

R3 - URLSearchHook: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll

O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll

O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msdaim.dll

O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll

O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mskpkc.dll

O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll

O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {CBA16D94-A50A-4DF1-A29E-A48C0316E95A} - C:\WINDOWS\System32\nhi.dll

O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msedah.dll

O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\aim\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe

O4 - Global Startup: winlogin.exe

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00003/chm.chm::/files/initial.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livesc03.rightnowtech.com/audible/a...l/java/RntX.cab

Share this post


Link to post
Share on other sites

I don't understand, I'm on page 5 and there's a whole bunch of people with the same exact problem that are being helped... I just want to make sure I didn't do anything wrong and piss someone off. Was there something else I was supposed to do that I missed?

 

I am very desperate to get this problem solved... this is my business computer and it's almost unusable. I would really appreciate some help with this.

 

Thank you

 

BTW - when I'm on the 'isearch' page, the browser window reads "about:blank". I noticed several other people with this problem and I didn't say that in my 1st post

 

thanks again

Share this post


Link to post
Share on other sites

OK, one more thing that's happening to me:

 

I get all sorts of 'clickable' links that wouldn't normally be there! For example; I posted a message on a forum that I frequent and the word "job" was in my post. When I read my post, the word job was underlined and I was able to click it and it brought me to a bunch of search results relating to job. This is happening to me everywhere.

Share this post


Link to post
Share on other sites

Even the word JOB in my last post is underlined in green (the first time the word was used) and it's a link! What the heck????

Share this post


Link to post
Share on other sites

Remove, using HijackThis:

 

O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll = iSearch Toolbar

 

O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll = ClientMan

 

O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C\WINDOWS\System32\mskhhe.dll = ClientMan

 

O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msdaim.dll = ClientMan

 

O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll = iSearch Toolbar

 

O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mskpkc.dll = ClientMan

 

O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll = ClientMan

 

O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll = ClientMan

 

O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msedah.dll = ClientMan

 

O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll = ClientMan

 

O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll = iSearch Toolbar

 

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00003/chm.chm::/files/initial.cab = iSearch Toolbar

 

Did you use an anti-spyware-tool like SpyBot?

Share this post


Link to post
Share on other sites

Thank you for the reply!

 

I do use Spybot S&D. I ran it, removed selected problems then re-booted. I had already copied your list into a word doc so I wouldn't have to go online again. I ran HijackThis and removed the items you said to. I then changed my homepage back to what I wanted it to be. Now when I open my browser it still goes to about:blank (isearch) and I still get pop-ups like crazy. My computer is still super slow and almost unusable.

 

What else can I do?

 

Thanks again

Share this post


Link to post
Share on other sites

I just downloaded Ad-aware 6. I scanned my hard drive and it detected 134 new items... most are data miner and malware. Can I post my log file to find out what I need to fix or do I "select all items" and wipe them all out?

 

Thanks

Share this post


Link to post
Share on other sites

OK, I deleted them all... still same problems.

 

I can never shut down my computer... there's always stuff running. I did 'ctrl, alt, del' and there's 34 things running!

 

please help

Share this post


Link to post
Share on other sites

my latest log file

 

Logfile of HijackThis v1.97.7

Scan saved at 1:17:35 PM, on 5/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe

C:\WINDOWS\System32\GEARSEC.EXE

C:\PROGRA~1\Iomega\System32\ActivityDisk.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nhi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.emachines.com/

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {CBA16D94-A50A-4DF1-A29E-A48C0316E95A} - C:\WINDOWS\System32\nhi.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\aim\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe

O4 - Global Startup: winlogin.exe

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livesc03.rightnowtech.com/audible/a...l/java/RntX.cab

 

 

 

it seems there is so much activity here, I need some help, please!

Share this post


Link to post
Share on other sites

I don't understand what I did here! I am pretty much being ignored. There are so many people with very similar problems to mine and they're getting TONS of help. What did I do? I am beside myself with this problem... I really need help. If there is a reason I am being ignored, PLEASE tell me. I really tried to do the right things before I posted. I'm pretty much about to throw my computer in the trash. I'm desperate here.

Share this post


Link to post
Share on other sites

Since none of the experts seems to give you any fast reply I´ll get u started at least. If u havn't already done the basic below u should start there.

 

Fixing with Hijackthis! won't fix a problem if your having files autostarting recreating the probs u fixed in a earlier session. Take a look at your startupfiles

by going START - RUN - and typ msconfig.sys. Check for suspicious files and check them against pacmans list at

 

http://www.pacs-portal.co.uk/startup_pages/startups_all.zip

 

Any unwanted? Uncheck them!

Share this post


Link to post
Share on other sites

Thank you so much for replying!

 

I went to START - RUN then typed msconfig.sys

 

I got an error. I tried to cut and paste it for you but I couldn't... anyway, it says "cannot find msconfig.sys."

 

What now?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0