Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 14 of 14 Posts

·
Registered
Joined
·
13 Posts
Discussion Starter · #1 ·
I have searched for about the last week and can't figure out how to fix this.

Whenever I open IE6 on XP, it takes me to www.supersearchs.com.

I've tried changing the home page in tools - internet options. Always resets back to supersearchs.com.

I've ran updated - Adaware SE pro, Spybot, and Spyware Nuker, both in safe and normal modes. I've changed the homepage in Spyware Nuker and it will immediately go back to supersearchs.com right after im done typing in a new homepage website. I just tried Spyware Nuker last nite cuz i read it would rid this hijacker.

I ran Hijack This, both in safe and normal modes. And have had it "fix" the first entry - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com - BUT it always comes back.

edit: I have also ran CWShredder and NAV2005, no luck.

Here's my Hijack This log. Maybe there is something in there I don't need that could be causing the problem.

Logfile of HijackThis v1.99.0
Scan saved at 12:20:18 AM, on 2/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Adam Downloads\Programs\Spyware Nuker\Spyware Nuker 2004\swn2.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ECLIPS~1\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://iworld.us.oracle.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\ADAMDO~1\Programs\FLASHF~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\Adam Downloads\Programs\Spyware Nuker\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Adam Downloads\Programs\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Adam Downloads\Programs\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://iworld.us.oracle.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093047162781
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Reset 5 - Unknown - C:\WINDOWS\system32\srvany.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
Registered
Joined
·
33 Posts
Have you tried searching for the address in the registry? to do this go into start>run>regedit. now here press ctrl F and then paste the url here then click find.
anywhere it is found change it to your homepage. then close registry editor and restart the machine.
if done correctly it should correct the problem.
 

·
Registered
Joined
·
13 Posts
Discussion Starter · #4 ·
Well that's good that my log looks fine. I do my best keeping my system clean.

I'm at work right now, will try the registry fix when I get home today.

Thanks for input!
 

·
Registered
Joined
·
13 Posts
Discussion Starter · #5 ·
GRR... Searched for it in the registry, with nothing running, found it in one spot. Modified it to say yahoo.com instead of supersearchs.com. Exited and looked again and it was changed back already. Changed it again, exited, rebooted and it's still there. Open internet explorer, tried changing it in tools, internet options, everything just keeps going back to www.supersearchs.com.

DUGQ - I've already tried CWShredder also.

Anybody else any idea?
 

·
Banned
Joined
·
1,099 Posts
my 2 cents :)

try going to : tools, internet options, programs, reset settings.

it switched my search from google to msn. no big deal for me. i can live with either. it may work for you.
 

·
Retired Moderator
Joined
·
72,109 Posts
Move hijackthis.exe into a permanent folder like My Documents\hjt then post another log.
To create a permanent folder click My Computer, then C:\
In the menu bar click on File, New, Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Run HJT again and put a check in the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com

Close all applications and browser windows before you click "fix checked".
 

·
Registered
Joined
·
13 Posts
Discussion Starter · #8 ·
Neither idea worked.

This is flippin amazing. I have never had anything that was such a pain to get rid of. I also sometimes get these little spyware popups saying scanning my computer when i go to home hijack page. My popup blocker usually blocks everything too.
 

·
Retired Moderator
Joined
·
72,109 Posts
Run HJT again and put a check in the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com

Close all applications and browser windows before you click "fix checked".

Go to Internet Options, Programs
Click the "Reset Web Settings" Button to reset your home and search pages.
 

·
Registered
Joined
·
1,124 Posts
If u cant fix it.
Do this
goto
>> Look on the right of this web page
look for the google search
Type in
Mozilla
once you find the mozilla's site
Download mozilla's firefox
Install it
Its a web brower that is better then IE.
Try it:D
 

·
Registered
Joined
·
13 Posts
Discussion Starter · #12 ·
Yes sir, ran CWShredder several times along with trying the other ideas posted.
Nothing Present, 0 restored, none infected.

And lately, the homepage has been taking me to http://supersearchs.com/index2.html ... lol

I've been using mozilla at work a little bit and it seems ok, might take care of the problem too, just knowing something wierd going on in my pc bugs me hehe.
 

·
Registered
Joined
·
1,124 Posts
True that. That would bug me too
 
1 - 14 of 14 Posts
Status
Not open for further replies.
Top