I give up, hijacked, can't rid www.supersearchs.com

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

eclipse987

Thread Starter
Joined
Jun 11, 2003
Messages
13
I have searched for about the last week and can't figure out how to fix this.

Whenever I open IE6 on XP, it takes me to www.supersearchs.com.

I've tried changing the home page in tools - internet options. Always resets back to supersearchs.com.

I've ran updated - Adaware SE pro, Spybot, and Spyware Nuker, both in safe and normal modes. I've changed the homepage in Spyware Nuker and it will immediately go back to supersearchs.com right after im done typing in a new homepage website. I just tried Spyware Nuker last nite cuz i read it would rid this hijacker.

I ran Hijack This, both in safe and normal modes. And have had it "fix" the first entry - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com - BUT it always comes back.

edit: I have also ran CWShredder and NAV2005, no luck.

Here's my Hijack This log. Maybe there is something in there I don't need that could be causing the problem.

Logfile of HijackThis v1.99.0
Scan saved at 12:20:18 AM, on 2/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Adam Downloads\Programs\Spyware Nuker\Spyware Nuker 2004\swn2.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ECLIPS~1\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://iworld.us.oracle.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\ADAMDO~1\Programs\FLASHF~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\Adam Downloads\Programs\Spyware Nuker\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Adam Downloads\Programs\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Adam Downloads\Programs\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://iworld.us.oracle.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093047162781
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Reset 5 - Unknown - C:\WINDOWS\system32\srvany.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Joined
Feb 3, 2005
Messages
33
Have you tried searching for the address in the registry? to do this go into start>run>regedit. now here press ctrl F and then paste the url here then click find.
anywhere it is found change it to your homepage. then close registry editor and restart the machine.
if done correctly it should correct the problem.
 

eclipse987

Thread Starter
Joined
Jun 11, 2003
Messages
13
Well that's good that my log looks fine. I do my best keeping my system clean.

I'm at work right now, will try the registry fix when I get home today.

Thanks for input!
 

eclipse987

Thread Starter
Joined
Jun 11, 2003
Messages
13
GRR... Searched for it in the registry, with nothing running, found it in one spot. Modified it to say yahoo.com instead of supersearchs.com. Exited and looked again and it was changed back already. Changed it again, exited, rebooted and it's still there. Open internet explorer, tried changing it in tools, internet options, everything just keeps going back to www.supersearchs.com.


DUGQ - I've already tried CWShredder also.

Anybody else any idea?
 

jd_957

Banned
Joined
Dec 30, 2004
Messages
1,099
my 2 cents :)

try going to : tools, internet options, programs, reset settings.

it switched my search from google to msn. no big deal for me. i can live with either. it may work for you.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Move hijackthis.exe into a permanent folder like My Documents\hjt then post another log.
To create a permanent folder click My Computer, then C:\
In the menu bar click on File, New, Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Run HJT again and put a check in the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com

Close all applications and browser windows before you click "fix checked".
 

eclipse987

Thread Starter
Joined
Jun 11, 2003
Messages
13
Neither idea worked.

This is flippin amazing. I have never had anything that was such a pain to get rid of. I also sometimes get these little spyware popups saying scanning my computer when i go to home hijack page. My popup blocker usually blocks everything too.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com

Close all applications and browser windows before you click "fix checked".



Go to Internet Options, Programs
Click the "Reset Web Settings" Button to reset your home and search pages.
 
Joined
Sep 28, 2004
Messages
1,124
If u cant fix it.
Do this
goto
>> Look on the right of this web page
look for the google search
Type in
Mozilla
once you find the mozilla's site
Download mozilla's firefox
Install it
Its a web brower that is better then IE.
Try it:D
 

eclipse987

Thread Starter
Joined
Jun 11, 2003
Messages
13
Yes sir, ran CWShredder several times along with trying the other ideas posted.
Nothing Present, 0 restored, none infected.

And lately, the homepage has been taking me to http://supersearchs.com/index2.html ... lol

I've been using mozilla at work a little bit and it seems ok, might take care of the problem too, just knowing something wierd going on in my pc bugs me hehe.
 
Joined
Sep 7, 2004
Messages
49,014
Found one sucessful fix to this

Boot in safe mode and delete both C:\Windows\System32\systr.dll and searchdll.dll and fix R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top