Isearch problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by budlover, Mar 9, 2005.

  1. budlover

    budlover Private E-2

    Hello experts, I'm stumped....imagine that. I'm not sure if all of the problems that I've been having lately are caused by this little Isearch toolbar in the bottom right-hand corner of my desktop, but from all of the complaints I've been reading about....it seems likely. I've read all the relevant forums and followed your tutorials. I downloaded all the programs recommended by Major Attitude, and while they turned up a few things I didn't know were there, they did not get rid of that toolbar. I have a laptop on a wireless cable connection with the basic Windows XP firewall set up. Here are my symptoms:
    1) it's running A LOT slower
    2) battery life is significantly reduced...from about 2-3 hours to about 30 minutes, which is pretty much useless
    3) POPUPS...not overwhelming, but there. The ones that worry me the most are the ones that resemble command prompt screens and flash for only a second before disappearing to never be found again.
    4) sometimes random icons appear on my desktop for things like "Virus Hunter Security," "Spyware Avenger," "Greenmovies," "Orangemovies," "Hot Bodies," and "Yum Yum." There have been others, but I have been deleting them as they appear. I have never clicked on one to see where it would lead me. This has occurred during times that I have my network disabled...so I know my computer is offline.
    5) sometimes my computer is unable to recognize available networks, and is therefore supposedly unable to connect to the internet. However, during these times my cable modem still shows pc activity.
    6) I have an "isrvs" folder that I can't delete. "Buddy.exe" and "farmmext.exe" are two others that keep showing up and won't let me delete them.
    7) There is a little "search the web" toolbar that likes to hide behind my taskbar
    8) from time to time, I hear noises resembling some kind of a transmission coming from my speakers
    9) sometimes the fan kicks into high speed for very long periods of time when the laptop does not feel hot. It didn't used to do this, so it seems out of place.
    There are probably other things going on that I am unaware of and probably don't want to think about, but I've run McAfee, Spybot S&D, Adaware SE, Spyware Blaster, Stinger, CWshredder, Kill2me, CCleaner, and HijackThis. As you requested, I did not attach a HijackThis report, and I did nothing with it because it did not make very much sense to me and I didn't want to mess anything up....but I have it. Please help me. I have spent countless hours trying to figure this out, reading tutorials, downloading spyware removal programs, and trying again. I'm lost and don't know what else to do. PLEASE HELP ME......
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the below steps carefully.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. budlover

    budlover Private E-2

    whew...thank god you answered.....well here is the hijack this log. and thanks for helping out, really and truly. i'm at my wits end.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Question: Is there a reason you did not run the online scanners given in the READ ME FIRST?
     
  5. budlover

    budlover Private E-2

    I've run the Symantec one before and it turned up nothing, and i tried the other one, uh....Trend something, i think, and i got an error message. I think there was another below those two, but I was getting fed up and half thought it might do something similar. Do you want me to try them again now?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When is before? The Symantec online scan was not run or it would show in your log. Same goes for the TrendMicro scan but since you got an error with the Trend Micro scan that is probably why it does not show. We need to know information like this. Anytime we give instructions we need to know the results (whether they work, don't work, you get errors etc - always provide exact error messages too!).

    - Please download and install Microsoft® Windows AntiSpyware
    - Make sure you upgrade it to the latest definitions. Do not run the scan when asked!
    - Then boot into safe mode and run a full system scan.
    - Then reboot in normal and report back what it finds and fixes and does not fix too.
    - Post a new HJT log.
     
  7. budlover

    budlover Private E-2

    okay here it is......i ran the microsoft antispyware in safe mode with networking (i hope that's the right one) it turned up the isearch toolbar, and three other problems that the other programs missed. it said it fixed them and i rebooted in normal mode and ran hijack this. i'm attaching the antispyware report and the new hijack this log. thanks....or maybe not. i tried saving the antispyware report in word while in safe mode but it's gone AWOL.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may need to disable the active protection of MS Antispyware and Spybot (or anything else that is protecting system settings) for the below to work.


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.42.87.219/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.42.87.219/sidesearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.42.87.219/sidesearch.html
    O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
    O3 - Toolbar: (no name) - {207AEF46-0596-4966-A7BF-098F247E85BB} - (no file)
    O4 - HKLM\..\Run: [txtamqgy] c:\windows\system32\txtamqgy.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\rsyncmon.dll
    c:\windows\system32\txtamqgy.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

    Now run Ccleaner that you installed while first running the READ ME FIRST.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  9. budlover

    budlover Private E-2

    okay, it seems to have all worked out. seems to, i hope so. I checked off the things that you said to in HijackThis. then when i ran the microsoft spyware in safe mode with networking it showed the ISearch stuff and a few other things and supposedly deleted them. When I went to delete the two files you said to, they were not there. I ran a search on them and the closest to either of them that I could find was "c:\windows\prefetch\txtamqgy.exe-1072E776.pf"----I didn't delete this because it was different, but should I? Also when I tried to run Ccleaner I got an error window. It said: CCList View Control
    Run-time error '-2147024770(8007007e)':
    Automation error
    The specified module could not be found
    I went to the Ccleaner website and redownloaded it. I ran it three times on each of the tabs and it deleted/fixed all kinds of stuff. I don't know why it kept missing things, but after the third time it was apparently convinced that it was done. Well anyway, here's the final (hopefully) log and thank you thank you thank you thank you thank you
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, delete this "c:\windows\prefetch\txtamqgy.exe-1072E776.pf". It is the same thing but because it is in the prefetch folder it just has a .pf at the end.

    We really did not want you to run ALL three tabs of Ccleaner. In fact that is not always a good idea. The Issues tab can go in and make all kinds of registry edits. These should be checked before approving and a full registry backup should be made before doing that. All we wanted you to do was run the Temporary files cleanup (the first Tab and click run cleaner).

    At any rate, your log is clean. How are things working now?
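
An added example, not part of the original posts: a Python sketch that parses HijackThis entries like those listed in the fix instructions earlier in the thread, flags two patterns visible in them (a search setting pointing at a bare IP address, and a registration marked "(no file)"), and matches the files they name against Prefetch entry names such as the one discussed above. The flagging rules, the last log line and the second Prefetch name are assumptions made for illustration.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Entries quoted in the fix instructions; the last line is a constructed benign entry.
HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O3 - Toolbar: (no name) - {207AEF46-0596-4966-A7BF-098F247E85BB} - (no file)
O4 - HKLM\..\Run: [txtamqgy] c:\windows\system32\txtamqgy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/
"""
# Prefetch directory listing: the first name is from the thread, the second is constructed.
PREFETCH = ["txtamqgy.exe-1072E776.pf", "NOTEPAD.EXE-00000000.pf"]

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
FILE = re.compile(r"[A-Za-z]:\\[^\r\n]+?\.(?:exe|dll)", re.I)
PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.I)

def parse(log):
    """Return one dict per HijackThis entry: section code, review reasons, files named."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body, reasons = m["code"], m["body"], []
        if code in ("R0", "R1"):  # Internet Explorer start/search page settings
            host = urlparse(body.rsplit(" = ", 1)[-1]).hostname or ""
            try:
                ip_address(host)  # illustrative rule, not HijackThis's own verdict
                reasons.append("search/start page set to a bare IP address")
            except ValueError:
                pass  # ordinary host name
        if "(no file)" in body:
            reasons.append("registration left behind with no file on disk")
        entries.append({"code": code, "reasons": reasons, "files": FILE.findall(body)})
    return entries

def prefetch_traces(entries, prefetch_names):
    """Map each file named in the log to Prefetch entries with the same executable name."""
    wanted = {f.rsplit("\\", 1)[-1].upper(): f for e in entries for f in e["files"]}
    hits = {}
    for name in prefetch_names:
        m = PF_NAME.match(name)
        if m and m["exe"].upper() in wanted:
            hits.setdefault(wanted[m["exe"].upper()], []).append(name)
    return hits

if __name__ == "__main__":
    log = parse(HJT_LOG)
    for e in log:
        print(e["code"], e["reasons"], e["files"])
    print(prefetch_traces(log, PREFETCH))
```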
     
  11. budlover

    budlover Private E-2

    Alright so far....I'm going to delete that file in just a sec. The popups and the icons haven't come up again yet, and the noise stopped. I also changed browsers to Mozilla Firefox and I don't know if that's responsible for the change, but my internet is working a little quicker. However, even though the iSearch toolbar is gone, an iSearch browser window popped up yesterday when I first started Mozilla. My battery is also still only lasting for about thirty minutes. Any thoughts?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If your HJT log is still the same as the last one, I would not know why you got an iSearch popup.

    As far as your battery is concerned, unless some piece of malware (which you do not seem to have) were causing excessive disk activity, then no ideas related to malware. That's a hardware forum issue. Perhaps your batteries are no longer carrying a proper charge.
     
    Last edited: Mar 15, 2005
  13. budlover

    budlover Private E-2

    well....thanks again then. i ran just a scan and compared the results to the saved log and they are the same. i suppose i'll move my inquiries to another forum now
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    You may want to indicate in that thread the age of your batteries.
     
