Ok first install make sure that your ad-aware is upto date and run it.
Then go into control pannel>>add/remove programs and get rid of all that stuff it is normally in there.
Next if you are confident run Hijackthis it'll show you things that are running and you can get rid of the offending entries. However it doesn't distinguish between good and bad programs so you can if you don't know what you are doing delete needed entries.
actually, the only thing that is persisting (it went away but now it's back) is when i search in google it puts a bunch of smartpages and 2020 toolbar listings first for some reason.
here are a couple of listings...
Find DMCGIBBO at SMARTpages.com - Online Yellow Pages
Find local business listings for DMCGIBBO at SMARTpages.com, the online yellow pages directory of
SBC Communications. SMARTpages also offers city guides, shopping guides, white pages and more. http://service.bfast.com/ - 53k
Find DMCGIBBO Using the Free 2020 Search Toolbar
Having trouble finding DMCGIBBO? Get the 2020Search toolbar and say good-bye to those annoying pop-ups.
Many other useful features such as: text highlighter, multi-search engine, drag & drop,
e-mail results and more. http://www.2020search.com/ - 48k
and those didn't use to be there before. whatever search term i put in, it always has find "x" at smartpages or 2020. why is this happening?
I am having the EXACT same problem. I've run every type of spyware removal program and have gone through the registry several times to look for something suspicious and still no luck. I'm really getting mad at how my search in google is getting hijacked. Has anyone found any good solutions for this problem??
I already tried spybot, and i have tried using another browser, like avant, with a different proxy and the freaking search hijacker is still there!!! Any other suggestions??
I think 2020 Search is related to ClientMan???? I just had one hella week trying to remove ClientMan on an employee's PC remotely to New York (not fun).
I suggest you download and run HiJack This and post the log.
Logfile of HijackThis v1.97.7
Scan saved at 3:53:43 PM, on 5/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Avant is basically a frontend for IE, you need to use something which doesnt have an engine that allows anybody to install software on your machine.
IE is great because you can use it to update your OS in a really easy way. The downside is anyone with a little coding knowledge and no conscience can install things too.
The most well known alternatives are Firebird and Opera. Firebird is free and Opera is Adware unless you register. Give em both a download and see what works for you.
Also, try running whatever browser cleaning programs you use after killing IE and Explorer. Otherwise things can stay behind.
Well, I want to be able to keep using IE. What do you guys think about this: http://www.odysseusmarketing.com/uninstall/
I found this link when i went to http://www.searchassistant.net because i saw that web address when i viewed the source for the false google search page. The uninstall looks like a trap or something. What do you guys think?
Well, I want to be able to keep using IE. What do you guys think about this: http://www.odysseusmarketing.com/uninstall/
I found this link when i went to http://www.searchassistant.net because i saw that web address when i viewed the source for the false google search page. The uninstall looks like a trap or something. What do you guys think?
I wouldn't trust it. A user had the same probs last week and I came across the same link... I was definately skeptical about it.
Comments
Then go into control pannel>>add/remove programs and get rid of all that stuff it is normally in there.
Next if you are confident run Hijackthis it'll show you things that are running and you can get rid of the offending entries. However it doesn't distinguish between good and bad programs so you can if you don't know what you are doing delete needed entries.
here's the M$ support link for it
http://support.microsoft.com/default.aspx?scid=kb;EN-US;198279
I am having the EXACT same problem. I've run every type of spyware removal program and have gone through the registry several times to look for something suspicious and still no luck. I'm really getting mad at how my search in google is getting hijacked. Has anyone found any good solutions for this problem??
I suggest you download and run HiJack This and post the log.
Scan saved at 3:53:43 PM, on 5/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\DigiNet\PopUpSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Messenger\msmsgs.exe
D:\My Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.sony.com/vaiopeople
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] D:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] D:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "D:\Registry Clean Expert\RegCleanExpert.exe" /startup
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37792.9946875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
That's what's running for me according to Hijack This. Can anyone tell which ones are unnecessary? Thanks.
IE is great because you can use it to update your OS in a really easy way. The downside is anyone with a little coding knowledge and no conscience can install things too.
The most well known alternatives are Firebird and Opera. Firebird is free and Opera is Adware unless you register. Give em both a download and see what works for you.
Also, try running whatever browser cleaning programs you use after killing IE and Explorer. Otherwise things can stay behind.
I found this link when i went to http://www.searchassistant.net because i saw that web address when i viewed the source for the false google search page. The uninstall looks like a trap or something. What do you guys think?
I wouldn't trust it. A user had the same probs last week and I came across the same link... I was definately skeptical about it.