thanks a bunch for the link.. freaking hate spyware!! die in hell!!

first link on google dude
THANK YOU!

Thanks for posting this. That was a good two hours wasted trying to get the damn toolbar removed.

I've sent them a nice "thank you note", perhaps if everyone did this they would get the hint.

iSearch Internet
701 Brazos, Suite 500
Austin, TX 78701
866-845-6873

webmaster@isearch.com

Thank you so much for getting this link. Why this isn't illegal due to the lack of consent used to add this program into your property . . . I have no idea.

But atleast the online community is strong enough to be able to strong arm these thugs of commerce.

Very true.
Its hard to believe that a company would do this without contempt. They have to be doing it on purpose. 99.9% of those with comps, are NOT MS hackers/programmers/ or no anything about windows. Even those HERE, cant know windows 100%.

A company that does something like this and THEN dont put in a UNINSTALL, should be SHOT.
Do we have any lawyers in the group...

:)

thanks for this thread. it did show up and now it's gone. :):)

Ludo

Thanks mate....................... well anoyed at this stupid bar

Searched google and came straight through to your post

Hope other infected users are as lucky as me

get program- Ad Aware 6.0 at download.com. It will take all the spyware off your computer. And it is free.

Thank god someone else had this issue, I spent some time looking for the "uninstall" for it to no avail.

I ended up getting this Isearch crap just by visiting a website...can't remember which one, but I know I didn't agreee to that evil toolbar.

Also, just so you know -- I had to get on Yahoo to find this article because I could never get an answer on Google...at least not one I was patient enough to read 1000 headings for.

Thanks a ton for the fix.

Thank you threecaster and everyone. After fighting with this ISearch bar for days using every method I could find I stumbled upon this page, OH JOY !. I tried everything, thank you for saving my sanity and death to the dirty *&^%#@' s that are responsible for this annoying crap.

Regards
Mr. Lee:brick :brick

welcome to the boards mr. lee

[QUOTE]Originally posted by Portgordon

Ad-aware 6.0:
http://www.cybertechhelp.com/html/downloads/download.php/id/33
Latest reference file:
http://updates.ls-servers.com/reflist.zip

i just wana say a big thanks to Portgordon for the latest ad-aware update link.

i tried all the things suggested by everyone and none worked.

i installed the updates, and bye bye ISearch.

thank you once again Portgordon

Chris.

thank you, thank you, thank you... I have been trying to remove Isearch for days and driving me crazy. Seemed to coincide with huge increase in pop-ups that couldn't be closed. Couldn't get anything done online. I bought some anti-spyware software and it didn't work. In desperation I typed 'how do I get rid of Isearch' into Yahoo search and got your link. Removed in seconds. You have no idea how relieved I am.

Also Spybot is VERSION 1.3 and requires a NEW download...

great idea with the removel tool but none of it worked. help

OH MY GOD. I LOVE YOU RIGHT NOW!

Thank you, thank you, thank you!!!

Has anyone made any progress with getting ahold of this company? It would be great if they suffered from this.

someone get a email from them and track them..

Just wanted to thank IOMAN. Finaly was able to get rid of the ISearch with your help. Thanks again, Terry

THANK YOU!!! You're post helped me get rid of the isearch crap. I did a yahoo search. But someone elses post came up that said the beginning of the thread listed a link and with some further looking I found your post, all I can say is THANKS and through searching people should be able to remove that crap thanks to your post

I just got the ISearch toolbar forced into my life. Thank you guys so friggin much for your help!

If I knew I could get away with it without repercussions, I would definitely (and joyfully) end the lives of those who made the damn thing. I will never buy or promote anything that is advertised by any spyware. How can you respect a company who forces problems into your life? So simply...many deserve death; but this country (the US) is so pussified that we are forced to coexist with such sickness.

Thank you, thank you, thank you! I followed your link and used the manual removal instructions. They worked perfectly. I can't tell you how happy I was to see it gone. Thanks again. You're the best!

Finallly got rid of this crap, thanks homey

Finally! I found an easy way!

Use this link to the Isearch Removal Page. It is from the Isearch people themselves. There is an automatic uninstall (which I just used and it works) and instructions to maunually uninstall the toolbar.

http://toolbar.isearch.com/uninstall/

Don't know if it will help but I got this toolbar from either FileZilla FTP Server or from NetFileServer. Beware of one of these two ftp server applications.

REMOVAL ULTIMATE SOLUTION :

Thanks for this forum I found the ultimate and most advisable
way to remove it.
Of course I wouldn't dare use the iSearch removal tool, it's just
a way for those f***ers to put more SHlT in my pc.

The ultimate solution : uninstall your Adaware, it's not updated,
even if you update it online all the time it won't find iSearch
because it's an older version.
Go to lavasoft site and download the NEW adaware, check
for online update just incase and then scan your pc and it'll
remove iSearch FOR GOOD.

The best way to remove a spyware is to use a software that
removes spywares ^^

Thanks for the guy who made this post, and thanks for the guy
who wrote about adaware not being the last version and that's
why it didn't find this annoying apyware with adaware before.

I only wish I lived in the USA near the company of those f***ers,
I would know what to do. Sometimes in life you need to do
to the other side what he does to you, an eye for an eye, not
always but DEFENETLY in this case.
So I recommend to all you guys that live near them to do
the following :
1) go there with a nice knife and make sure you cut ALL the
tires of ALL the cars of the company employees !
2) when you need to go to the toilet to SHlT make sure you take
a bag with you and SHlT inside it, then take the SHlT and put
on their cars and throw some in the entrence of their building.
3) come at night when nobody there and pee all over the place
especialy on the door they enter and it's handle.
4) If you see outside cables of phone make sure you cut them,
just be careful not to cut electricity cables ^^
5) buy color spray and spray ALL over their windows and walls
and cars, write with the spray some nasty stuff that I don't want
to write here, but believe me it will be SO annoying for them,
and will cost them money and MOST important it will take their
time, they will spend their time having to deal with ANNOYING
things like they did to all of us. Each worker will have to go
to the car garage to clean the spray from their cars and also
they will have to repaint their office walls.
6) BE CREATIVE ! I only wrote several options, but you can do
so much more, may the force be with you.

OMG, I don't know how I didn't think about that too :

7) besides the SHlT you make in a bag and put all over their
cars and building, come at night and make a pile of SHlT
just infront of their building door, so they will have a nice
SHlTY welcome in the morning, hopefuly one of them will step
on it ^^

8) also if you live near a place with horses or cows take a
shovel and take lots of horse and cow SHlT, they have huge
piles of SHlT and you already know what to do with it !

9) take a nylon glove that you can throw away after use and
then take some SHlT in your hand and wait early in the morning,
then when you see the manager of the company arrive put
the SHlT on his face and make sure it goes inside his nose
holes !

OMG, I never knew I can hate someone so much like I hate
iSearch

10 ) Also if you know of a way to print a message in a
newspaper without knowing who you are ( pay cash or
something, it's worth it ) then write a message that there is
this great place for GAY sex and the phone number is :
and write their phone number, they will get lots of nice gay
phone calls 24/7

I'm paranoid going back to their site to remove it, if they f'd u once they might Fk u again w/out you knowing it this time, & also not brave enough to hack my registry, so i just performed a system restore one day before those mutherfers installed that crap on my system.

1. Perform a system restore to a day before it was created or last modified. (this will rid the isearch toolbar from IE)

2. Do a search on your PC "isearch" to find the installer & a date that it was created or last modified.

3. Delete the install.cab file found when you did the search from C: & also there is another IE file in there 1kb that appears to have been created along with this peice of ****.

Good Luck,
it worked for me without having to go back to their site.

restart the computer in safe mode, and then delete c:\windows\system32\toolbar.exe and toolbar_.exe

that's it! isearch toolbar is gone.

for xp users. run msconfig and select diagnostic setup. restart the system and then delete the above file.

try and tell me.

thank for the info good job

Hi Ioman - Techno Addict!! .

Thanks for the isearch solution
You are the best! :)

Bless you. You are GOD

Originally posted by Unregistered
Bless you. You are GOD


haha this comment was funny, I am going to frame it!! J/K

I actually got a call from a guy thanking me tonight. He has had this stupid toobar on his computer for a while and thankfully the solution I posted worked. I feel great helping everyone :)

isearch unistaller laughs at you installs more spy stuff and doesn't uninstall, there is no way to rid of it, however despite like a coward hiding there whois info, I did manage to find out who owns the website and is behind this isearch browser theft tool, which won;t even allow me to any site except isearch.
SO PLEASE SEND HIM A KIND EMAIL FOR ME,

Host Name : www.isearch.com
IP Address: 216.130.187.150

OrgName: Webair Internet Development Inc
OrgID: WAIR
Address: 333 Jericho Tpke
Address: Suite 200
City: Jericho
StateProv: NY
PostalCode: 11753
Country: US

NetRange: 216.130.160.0 - 216.130.191.255
CIDR: 216.130.160.0/19
NetName: WEBAIRINTERNET
NetHandle: NET-216-130-160-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS.WEBAIR.NET
NameServer: NS2.WEBAIR.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-03-12
Updated: 2001-11-14

TechHandle: ZW64-ARIN
TechName: IPAdmin-Webair
TechPhone: +1-516-938-4100
TechEmail: IPAdmin@webair.com

OrgNOCHandle: ZW64-ARIN
OrgNOCName: IPAdmin-Webair
OrgNOCPhone: +1-516-938-4100
OrgNOCEmail: IPAdmin@webair.com

OrgTechHandle: ZW64-ARIN
OrgTechName: IPAdmin-Webair
OrgTechPhone: +1-516-938-4100
OrgTechEmail: IPAdmin@webair.com

# ARIN WHOIS database, last updated 2004-06-07 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

OK, who has the Lawyer....
I only want 1%, of what he is making...

THANK YOU!! I could not get this piece of junk off no matter how I tried.

Ok, so I got rid of ISearch and what does he do?? Finds another way to d/l another spyware called SmartSearch. Only this time Adaware can't get rid of it. Can ya help me get rid of this one more time? HIM I can handle! Thanks guys.

I'd see about installing mozilla, and kill all the IE shortcuts so he cant find it.
Leave Mozilla blank so Little can run, or install itself.

MK, now that I got I search off I gota new one. ANyone know how to remove "Home Search"?

thanks for the help. your instructions helped me got rid of that "isearch" on my toolbar.

I thank you for the posting for the removal program. Thank you

w00t we broke 100,000 views. Congrads everyone !!

Originally posted by TecknoGeek
w00t we broke 100,000 views. Congrads everyone !!

And to think...
You didnt have to stand in front of a window with the shades UP...(eww)

Ioman, thanks for having this thread.

Unfortunately, I got the isearch toolbar on my computer and so far I haven't been able to get rid of it. The isearch link you have posted does not seem to work for me, neither the automatic removal link or doing it manually works. I'm running XP and I think that might have something to do with it.

Threecaster, I read your directions, but unfortunately computer-savy I am not! I'm not sure I understood your directions. I would really appreciate it if you could repeat the instructions in computer baby talk, because I have even run a recovery (per HP's instructions) and that @**@ isearch continues to be on my computer. I have also downloaded spysubtract, aol's spyware blocker, and my son ran a couple other spyware programs and nothing has worked. Any suggestions would be greatly appreciated.
bluejay

Ioman, thanks for having this thread.

Unfortunately, I got the isearch toolbar on my computer and so far I haven't been able to get rid of it. The isearch link you have posted does not seem to work for me, neither the automatic removal link or doing it manually works. I'm running XP and I think that might have something to do with it.

Threecaster, I read your directions, but unfortunately computer-savy I am not! I'm not sure I understood your directions. I would really appreciate it if you could repeat the instructions in computer baby talk, because I have even run a recovery (per HP's instructions) and that @**@ isearch continues to be on my computer. I have also downloaded spysubtract, aol's spyware blocker, and my son ran a couple other spyware programs and nothing has worked. Any suggestions would be greatly appreciated.
bluejay

Hi Bluejay,

First of all, welcome to Designtechnica.

My experience with that uninstall URL is that if there are too many people trying to access it, it will not appear to some. You will have to keep checking that link.

The latest version of Adaware has a fix for it, but you will need to pay for the software. I also think the latest version of Spybot removes it. Have you tried either of those programs?

Hi Ioman,
Thanks for the welcome.

I went to the URL and since I could not run the automatic uninstall, I followed the manual steps, with no success. My computer had an error message and would not proceed with the manual uninstall.

We did try spybot also with no success. You can't imagine, I spent almost four hours on Saturday evening on-line with HP help and several hours the next day with their phone help line. All for nothing, they had me run a recovery and the spyware was still there. We did download the Adaware, but it was the free one, so maybe I'll have to look into paying for it.

However, I do have some good news to report, I sent my son some of the messages from this board (I'm at work and he's at home) and he tried restoring the computer to a date prior to when we were infected with the spyware as was suggested by another member (can't remember the name right now) and he said that - so far - no more pop-ups from isearch. I'm about to leave work and go home so I'll check it out for myself. This has been a nightmare!

Thank you for having this thread, like others I found it by doing a search for removing isearch toolbar. It's a big help!
Bluejay

I hope things work out for you. Let us know how it goes! :)

Hey someone email this guy and give him the link to our forums here. I bet we had the answer before he did. =)

http://www.isearchthenet.com/isearch/remove_isearch_toolbar.php

He makes a isearch script that will search your website for you.

Poor guy is getting bombarded by hateful emails......Jim

It seems I'm having a problem no one else has had.

I don't have the isearch toolbar, but I'm sent to their website as my homepage and I can't change it (it's http://wvww.us/ in my Internet Options, but I get redirected and get it gets changed back whenever I try to fix it). I've run Spybot, Ad-Aware, and the Auto-Uninstall on the isearch website (as well as doing trying to do it manually), but I don't have the toolbar files to delete, so they don't help at all.

Any help would be greatly appreciated.

Download HijackThis and save a log, then copy and paste it to this message board, Someone can take a look at it..........Jim

http://www.spywareinfo.com/~merijn/downloads.html

I thought I was going to lose it until I happened on your isearch removal tool. Many thanks.

Pasting the logs from hijack this.. any one pls tel me what to delete.


Logfile of HijackThis v1.98.0
Scan saved at 8:19:03 PM, on 7/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\download\for virus purpose\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=632
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.findwhatevernow.com/searchband2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\System32\u5kmf9mriuyiif.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {11010101-1001-1111-1000-110263637096} - ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.nuker.com/products/swn2004/installers/default/SpyWareNukerInstaller.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab



Ravi

It seems I'm having a problem no one else has had.

I don't have the isearch toolbar, but I'm sent to their website as my homepage and I can't change it (it's http://wvww.us/ in my Internet Options, but I get redirected and get it gets changed back whenever I try to fix it). I've run Spybot, Ad-Aware, and the Auto-Uninstall on the isearch website (as well as doing trying to do it manually), but I don't have the toolbar files to delete, so they don't help at all.

Any help would be greatly appreciated.

I have had the same problem and I can't get rid of http://wvww.us/ as my homepage. Have you managed to remove it yet? If you have can you please let me know what you did.

Thanks

RAVI:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=632
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.findwhatevernow.com/searchband2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

These DIE first.

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.greg-search.com

Then These....

O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {11010101-1001-1111-1000-110263637096} - ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni...hm::/d_Main.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.nuker.com/products/swn20...erInstaller.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

THESE ARE QUESTIONABLE.... I see pandora loading a cab file.
Akami is running an meINSTALLER.
Nuker(?) is running an installer.
XXXtoolbar is running an installer.
Euro DNS service, I dont know...
But kill The first one....There is NO trusted site...

These progs are getting on the net, and installing stuff I DONT THINK you want.

you do need to optimize your system.
I dont let anything START running at startup. I only want them to start WHEN I Click them. This could save you 10-50% on startup time...

How long has your homepage been changed to wvww.us?

Try a System Restore

Start/All Programs/Accessories/System Tools/System Restore.

Set your computer back to a date before you had this problem. If Its been a week, set it back 2 weeks.

If that doesnt work post a hijackthis log for us to see.......Jim :vivi

WE need a page on what to DO FIRST...
Questions we need to know.
what has to be done FIRST.
And info we want, to diagnose...
Progs to Download for evaluation.

I tried to remove isearch from their site-it did not work-after i clicked--it said--isearch could not be un installed! what can i do?

1. Isearch isnt the only place using this prog. changeing names and reg isnt that hard.

2. TRY a system restore...back 1 week...

3. find/download/run Hijackthis, and spybot.

4. POST what Hijackthis, HERE...

I think we are going to write a bible, on this subject.
going to ask for a commission from Spybot.

I believe AdAware removes ISearch now. At least thats what people have been saying.

http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

i finally got rid of isearch on my toolbar, any idea how to get if off the pc completely?Somehow an iSearch toolbar got installed on my system. It would not let me uninstall it and did not show up under add/remove programs. Neither spybot or adaware found it either. I was pretty upset to say the least.

After trying to call the company and getting their answering machine and searching the net, I finally found out how to uninstall this crap.

http://toolbar.isearch.com/uninstall/

I hope when someone searches google, this thread shows up.

It should be gone by using that link but if you want us to take a look download HijackThis here and post a log on the message board.........Jim

http://tomcoyote.com/hjt/

:argue :argue :argue
:censored :censored :censored

They suck, they just won't let you uninstall it the normal war :censored :censored

:sponge :sponge

I down loaded the program you suggested and it didn't work. It does something and then reboots the computer. The computer hung in the middle of rebooting. ctrl-alt-del showed it was running. Boot up would not continue untill I canceled the program

Using Win 98

Any ideas, or did this happen to anyone else?

thanks

dgr

Umm,
Load update run, spybot, spyblaster and Also Hijackthis,,, Need your log.

I had the isearch toolbar i got it removed and then i followed the link that Ioman suggested for the isearch deskbar but I can not get this removed from my compuer. Unfortunately my resgistry file has been disabled when a keylogger gave me a virus last year. Any suggestions?

did you try, hijack?
See the REG, is about 6 different files, and REGEDIT brings those together to READ and edit them... Kill regedit, and you cant read them..
Hijack does the SAME, but only shows parts we want.

If your REG was killed, you wouldnt have windows..

This seems like an old problem based on the dates of the previous posts, but I just got it now and am unclear as to how to remove the isearch tool bar on my desktop. Any help would be greatly appreciated. I tried the restore and it wouldn't allow me to restore. Should I be in safe mode? I have the free adaware and spybot search and destroy...nothing

On a side note, what exactly is it doing to my computer other than annoying me by being there?

Ok, then get Hijackthis, and post a log..
And there are Differences in the versions of ISEARCH..
Probably got KALV*.* on there also..

This seems like an old problem based on the dates of the previous posts, but I just got it now and am unclear as to how to remove the isearch tool bar on my desktop. Any help would be greatly appreciated. I tried the restore and it wouldn't allow me to restore. Should I be in safe mode? I have the free adaware and spybot search and destroy...nothing

On a side note, what exactly is it doing to my computer other than annoying me by being there?

pardon my ignorance but where can i get the hijack this and how does it work

http://forums.designtechnica.com/showthread.php?t=5583

Hijack This is a Program that lets the experts see whats good and bad on your computer. Post a log. Do not delete anything until we tell you what to delete.

You can find the link in our Spyware Program section. Here is the link..........Jim

http://forums.designtechnica.com/showthread.php?t=5583

Logfile of HijackThis v1.99.0

oh and apparently its the "isearch deskbar" not the toolbar

ADD/REMOVE PROGRAMS...
win TOOLS,
weather bug,

those arent there on my add/remove programs

Look in programs Bar, hit start, programs see if there is uninstall for them...
If not, we can kill references here.

Go To Safe Mode (F8 on Startup)

Delete these files

C:\WINDOWS\isrvs\desktop.exe
:\WINDOWS\system32\pstuaks.exe

Place a check next to each of these and click Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ygxsnbzwc] C:\WINDOWS\system32\pstuaks.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/initial.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

Reboot and Post a New Log

Logfile of HijackThis v1.99.0

looks like its gone from the desktop. How does the registry look?

Download Spyware Blaster for Prevention, Scan with Spybot and Adaware Once a week, should keep you in good shape. Here is the link for SpywareBlaster........Jim


http://www.javacoolsoftware.com/spywareblaster.html

Update these programs too They have new definitions all the time. :vivi

Thanks NightOwl...
You getting Very good at this...

Much thanks to both of you Night Owl and ECA. Much appreciated!

Another question.....I dont know if there is a forum for this...but I went to add or remove programs in the control panel and I saw something that said Shockwave and it had no MB size or anything next to it on the right. Is this something I should remove or leave?????

You are getting good at this too. I noticed that the ISearch Toolbar has a few new things now. Still easy to fix after I looked at a few of the logs.

Notice the isrvs in all of these

All are related to ISearch


C:\WINDOWS\isrvs\desktop.exe



O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/initial.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

Shockwave should be ok...........Jim :vivi

shockwave is movie/game player for windows.. Lok it up on the net.

Shockwave should be ok...........Jim :vivi

Everytime I run spybot I keep getting a problem to fix called DSO Exploit...I have read some things on the internet about it but really dont know if is harming my computer or if it already has. I can not get rid of it on the spybot....it seems to clean it then I run it again and there it is. Thoughts?

I get DSO Exploits on mine too, If you do your normal Windows Updates they are ok. Just ignore them.

I think there is a Ignore function on Spybot so it wont show up on your scan..........Jim :vivi

OK thanks Jim, sorry to be a pest, just a newbie who gets paranoid!

Thats Ok, You dont know unless you ask. Happy New Year..........Jim :vivi

ASk, thats why we are here...
may not have an answer, BUT ask.

I just manged to uninstall that isearch toolbar, heres a link where u can down load something that will get rid of the tool bar hope this helps someone http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5 i had another tool bar called hot something and it got rid of that as well.
Best of luck.

that helps..
But I have another worry, about HOw its getting ON systems.
DROP the tool bars.
And turn off ALL P2P networking..

If you are facing the ISEARCH tool bar on the right hand side corner above the system tray , here is a way to remove it.
I did it and it has not come back

Follow the steps . ( I did on Win 200 Pro, your dos commands may vary )

1) REstart the computer and after the bios boot, press F8 and select to start computer on SAFE MODE COMMAND PROMPT ONLY

2) Change directory to c:\winnt\isrvs or the directory where the file sysupd.dll resides.
or you can search for it from COMMAND prompt
Change directory to C:\ -- Note you must be in this root

type " dir sysupd* /s " -- This command will list the directory

Change directory to the top level directory of that file.
It should be c:\winnt\isrvs ( or irsvs

Your prompt should read " C:\WINNT"
Type " rd isrvs* /q /s"
This should remove all the folders, sub folders and then reboot and u are a free man now....

(this is assuming you are running windows XP) was just searching around to try and find a street address to the Isearch company to send them a nastly letter when i stumbled across this forum. so for my advice the easiest way to remove any unwanted files of any type would be to 1. (if you know hte files, or proceses you want to dlete skip this step) ctrl-alt-del and and if it is under the applications tab right click the the undisired application and click go to process. Then the procces or procceses that are required to run that progam will be highlighted 2.The next thing you do is go to the search utility located on you're start bar and seach all files and folders (MAKE SURE ALL HIDDEN FILES ARE SHOWN) then delete the files. 3.In some cases you will not be able to delete them because either you do not have the permisions to do so or the file is in use, if this is the case reboot you're PC and pres F8 untill safe mode comes up then locate the undesired file and delete it from safe mode.

Please check my computer for me.
This is the log.
Logfile of HijackThis v1.98.2
Scan saved at 6:35:25 PM, on 1/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gumshoe\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: iMesh Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG. EXE /SetPreload /Log
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09fa9783d26482265506/netzip/RdxIE601.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

Reboot To Safe Mode (tap F8 on Startup)

Place a check next to each of these and click Fix Checked.


O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: iMesh Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O16 - DPF: Win32 Classes -


Still In Safe Mode Delete all Temporary Internet Files, Cookies, Do a Defrag on your C Drive, Empty recycle bin.

Start/All Programs/Accessories/System Tools/Disc Defragment

Then Reboot and post a new log..........Jim :vivi

First of all, thank you to everyone here who contributes to the fight against isearch. Now, my problem: I believe I came here before and was able to get rid of isearch with help from the posters here. However, I now seem to have a very nasty bastard of a version of isearch. It's in a folder named "isrvs" in C:\Windows . It refuses to let me delete that folder or anything in it, which consists of the following:

----------------------------
"isrvs" folder -
delprot ("system file")
desktop ("application")
desktop ("shortcut to MS-DOS program")
edmond ("application")
edmond ("shortcut to MS-DOS program")
(both "edmond"s have about 4 copies of themselves)
ffisearch ("application")
ffisearch ("shortcut to MS-DOS program")
isearch ("XPI file")
mfiltis.dll ("application extension")
msdbhk.dlll ("application extension")
sysupd.dll ("application extension")
TMP81.tmp ("tmp file")

Subfolder "Icons" -
hushware
popup blocker
spyware avenger
usaplatinum
virushunter

(Ironic list, isn't it?)
----------------------------

I've followed the advice on this board, getting the latest version of AdAware (which killed tons of spyware and junk), the isearch remover program, and I even followed the instructions for using regedit. Still no luck. I try to do a system restore and I get this error:

"rstrui.exe - bad image
The application or DLL C:\WINDOWS\isrvs\mfiltis.dll is not a valid Windows image. Please check this against your installation diskette."

It lets me attempt to do a system restore (with the same error repeating over and over), but it doesn't work in the end.

BTW, the computer I'm using has WindowsXP (which sucks, IMO, I use 2000). Not mine, my mom's, but she knows nothing about computers and I'm trying to help her get rid of all this junk. So can anyone please help me? Thank you in advance.

have you tried using SAFE mode?? Tap F8 at startup...
The problem tho, is in the REG.. doing a seach in reg for the offending lines and removing them. And they could be using any name to load this.
\mfiltis.dll This is what you would search for...And look for MORE then one occurrance..

http://forums.designtechnica.com/showthread.php?t=5583


Download Spybot, AdAware, Hijack This (Links Above)Post a HijackThis Log

On Adaware and Spybot Delete what they find, Remove cookies, Temporary Internet files,Empty Recycle Bin,

Then scan with HijackThis. Save log to desktop, Copy and Paste log to message board.

Please start a new thread also. Makes it easier for everyone, thanks........Jim

umm i also have this stupid malware but i have it worst of every one, instead of just i search i have a ton of other **** installed by that prog, including a fake desktop that covers the real one and displays a html document telling me to buy their spyware removal program, before i had links for other spyware removal progs put up on my desktop like every half hour but thanks to that isearch remover thats gone, but i cant fix my stupid desktop no matter how hard i try,

ive used the latest versions of ad aware, hijack this, spybot, pepper uninstaller, microsoft spyware removal tool and none of them has been able to stop it so far, just been able to delay the popups,....

and the cause of all this is is this stupid site
>finefind.nettraffic2cash.biz < which automatically adds it self to trusted sites and downloads stuff, hijack this cant remove it no matter what, not even in safe mode,
ive also tried to manually add it to blocked sites and it auto added it self again, microsoft spyware removal tool detected it and i told it to block it but that didnt seem to do any thing,...... this majorly sucks ass...


oh also my recycle bin is locked up and ive been denied access to any of my systems processes in task manager during normal boot up, i can only shut down the spyware and not the regular stuff, this is also what seems to be protecting the spyware, and its related folders....

EDIT: oh and every time i use the trend micro housecall, nearing the end of the scan the browser just closes and all the spyware automatically installs it self again.....

http://forums.designtechnica.com/showthread.php?t=5583

Do you have antivirus program?
Download AVG Antivirus, Hijack This (Links Above)



On AVG Antivirus Delete or quarantine what it finds, Remove cookies, Temporary Internet files,Empty Recycle Bin,

Then scan with HijackThis. Save log to desktop, Copy and Paste log to message board.........Jim

Do set AVG to check ALL files...its a custom setting..

dont bother with the hijack this log, ive removed all spyware/malware that can be possibly removed,

the only things that wont go away is the bho with the missing file and that trusted zone with net biz or some crap like that,

but here you go any ways...

Logfile of HijackThis v1.99.0
Scan saved at 7:32:29 PM, on 2/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Documents and Settings\Mashfique\My Documents\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F3B7EC9E-E166-1970-CD3B-0E8A377FD446} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunOnce: [Desktop Search Removal Tool] "C:\WINDOWS\inst\kill.exe" /VERYSILENT /NOCANCEL /NORESTART /SP-
O4 - HKLM\..\RunOnce: [Bonus Sites Removal Tool] "C:\WINDOWS\inst\kill.exe" /VERYSILENT /NOCANCEL /NORESTART /SP-
O4 - HKLM\..\RunOnce: [iSearch Toolbar Removal Tool] "C:\WINDOWS\inst\kill.exe" /VERYSILENT /NOCANCEL /NORESTART /SP-
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe




im fairly literate with computers but nothing i do seems to be able to stop this ****, i cant find the main file,...

few minutes ago i did a search with the date that i got the virus and removed any files that i suspected with the time that i received the virus (probably removed a bunch of system files as well),

and im hoping that stopped it,.......

isearch isnt the problem , the problem is a downloader that downloads , isearch, apropox media bar, sidekick search , dy.fu.ca , bargain buddy,elitesidebar, and a lot of other ****,...

i also checked the systems process but nothing,

i finally got through a trend microscan with out it ****ing up by deleting what it finds then restarting from the point it last left off and ,.... nothing ,...

not even using the various tool bars own uninstallers removes them......

this latest version of what ever this is , is some tough ****,....


ill try that antivirus program .....

currently using firefox to avoid popups and other crap..

oh and the way to remove the desktop back ground if any of you get it is to remove the registry


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0 <--- remove the folder called 0,


but sadly that damned virus just respawns the files when it respawns everything else on what seems to be a carefully timed schedule....

i tried avg and it works pretty good,

i was able to stop most of the virus **** when i did the search for files from when i got it and deleted lots of ****,..

avg found 10 viruses, most of them were of thetrojan downloader type, now they are all gone,

my system seems clean with the exception of that damned
trusted site still there, and me not having access to any of the systems processes in the task manager, only in safe mode do i have access to them, and my recycle bin oddly looks like its locked up even though its not from what i can tell,.....


and i think isearch is still in there still trying to install itself, but microsoft antispyware blocks it, but im not too shure on that i seemed to have removed all traces of the trojan downloader and now im observing the effects,...

this gay new trojan/spyware/virus or what ever is the worst ive seen of its kind and very hard to remove,

and i punched lots of holes in my system while getting rid of it,...

if i stick in the windows xp cd and tell it to update windows will it fix the missing files ?

for example when i boot up it says invalid boot.ini file (which im shure i removed) booting from C:\windows.....


EDIT: i spoke too ****ing soon, that thing reactivated it self, and isearch installed and put in some other **** back in with it,... gonna have to do more work,.....

im trying one last thing, i had the isearch uninstaller and some other **** in hijack this , but those dont seem to be doing any good at all so im going to remove them and then do boot/ virus scan......

Spybot, has a resident part, called teatimer..
It tells you when something is changing the reg.. AND whats doing it..

ALSO found a prog, called PROCEXP.exe...
Nice program, as it tells you WHAT prog is running WHAT process...Use the double click, and read all the info tabs..

it would be neet to have a program trace..
A prog that would SHOW all the progs loading, and what they DID..

PROCEXP.exe


Got a link for it? May help with SVChost.........Jim :vivi

I scanned my computer with AdAware today and I found a nasty little ISearch registry file on there. I Deleted it and Spybot popped up and said there was a change to my registry.

Why didnt it pop up when ISearch was added? Only when I removed it Spybot appeared, Do I have TeaTimer set up wrong?.........Jim

Dont think so...
I scan 1 time aweek, and View with hijack..

http://www.sysinternals.com/win9x/98utilities.shtml

Processor explorer..

I'll take a look at this, Thanks for the link........Jim :vivi

This is The Last Post in this thread. If you wish to post a log. Please start a new thread and post your log in the Log Section, thanks. Here is the link.

http://forums.designtechnica.com/forumdisplay.php?f=127