
I give up, hijacked, can't rid www.supersearchs.com

Discussion in 'Web & Email' started by eclipse987, Feb 3, 2005.

  1. eclipse987

    eclipse987 Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    13
    I have searched for about the last week and can't figure out how to fix this.

    Whenever I open IE6 on XP, it takes me to www.supersearchs.com.

    I've tried changing the home page in tools - internet options. Always resets back to supersearchs.com.

    I've run updated Ad-Aware SE Pro, Spybot, and Spyware Nuker, both in safe and normal modes. I've changed the homepage in Spyware Nuker and it will immediately go back to supersearchs.com right after I'm done typing in a new homepage website. I just tried Spyware Nuker last night because I read it would get rid of this hijacker.

    I ran Hijack This, both in safe and normal modes. And have had it "fix" the first entry - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com - BUT it always comes back.

    Edit: I have also run CWShredder and NAV2005, no luck.

    Here's my Hijack This log. Maybe there is something in there I don't need that could be causing the problem.

    Logfile of HijackThis v1.99.0
    Scan saved at 12:20:18 AM, on 2/3/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\srvany.exe
    C:\WINDOWS\system32\resetservice.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Adam Downloads\Programs\Spyware Nuker\Spyware Nuker 2004\swn2.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Chameleon Clock\ChamClock.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Program Files\BitTorrent\btdownloadgui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\ECLIPS~1\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://iworld.us.oracle.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\ADAMDO~1\Programs\FLASHF~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Spyware Nuker] C:\Adam Downloads\Programs\Spyware Nuker\Spyware Nuker 2004\swn2.exe /h
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Adam Downloads\Programs\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Adam Downloads\Programs\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://iworld.us.oracle.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093047162781
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Reset 5 - Unknown - C:\WINDOWS\system32\srvany.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
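
A triage pass over a HijackThis log like the one above, as an added example that is not part of the thread or of HijackThis itself: it parses the process list and the coded entries and lists items worth a manual look. The `expected_hosts` set and the three review rules are assumptions chosen for this illustration; a hit is a lead for review, not a verdict.

```python
import re

# Sample input: a few lines excerpted from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\srvany.exe
C:\DOCUME~1\ECLIPS~1\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://iworld.us.oracle.com
O23 - Service: Reset 5 - Unknown - C:\WINDOWS\system32\srvany.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "R0 - ...", "O23 - ..."

def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def triage(text, expected_hosts):
    """Return (reason, line) pairs worth a manual look (assumed rules)."""
    procs, entries = parse_hjt(text)
    out = [("process running from a Temp folder", p)
           for p in procs if "\\temp\\" in p.lower()]
    for code, body in entries:
        url = re.search(r"= https?://([^/\s]+)", body)
        if code in ("R0", "R1") and url and url.group(1).lower() not in expected_hosts:
            out.append(("IE page setting points at unexpected host", body))
        if code == "O23" and "(file missing)" in body:
            out.append(("service binary missing", body))
        elif code == "O23" and " - Unknown - " in body:
            out.append(("service vendor field reads Unknown", body))
    return out

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG, {"iworld.us.oracle.com"}):
        print(f"{reason}: {line}")
```
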
     
  2. dugq

    dugq

    Joined:
    Jul 16, 2004
    Messages:
    2,653
  3. rbltech

    rbltech

    Joined:
    Feb 3, 2005
    Messages:
    33
    Have you tried searching for the address in the registry? To do this, go into Start > Run > regedit. Now press Ctrl+F, paste the URL there, then click Find.
    Anywhere it is found, change it to your homepage. Then close Registry Editor and restart the machine.
    If done correctly, it should correct the problem.
     
  4. eclipse987

    eclipse987 Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    13
    Well that's good that my log looks fine. I do my best keeping my system clean.

    I'm at work right now, will try the registry fix when I get home today.

    Thanks for input!
     
  5. eclipse987

    eclipse987 Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    13
    GRR... Searched for it in the registry, with nothing running, found it in one spot. Modified it to say yahoo.com instead of supersearchs.com. Exited and looked again and it was changed back already. Changed it again, exited, rebooted and it's still there. Opened Internet Explorer, tried changing it in Tools, Internet Options; everything just keeps going back to www.supersearchs.com.


    DUGQ - I've already tried CWShredder also.

    Anybody else any idea?
     
  6. jd_957

    jd_957 Banned

    Joined:
    Dec 30, 2004
    Messages:
    1,099
    My 2 cents :)

    Try going to: Tools, Internet Options, Programs, Reset Settings.

    It switched my search from Google to MSN. No big deal for me. I can live with either. It may work for you.
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Move hijackthis.exe into a permanent folder like My Documents\hjt then post another log.
    To create a permanent folder click My Computer, then C:\
    In the menu bar click on File, New, Folder.
    That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

    Run HJT again and put a check in the following:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com

    Close all applications and browser windows before you click "fix checked".
     
  8. eclipse987

    eclipse987 Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    13
    Neither idea worked.

    This is flippin' amazing. I have never had anything that was such a pain to get rid of. I also sometimes get these little spyware popups saying they are scanning my computer when I go to the hijacked home page. My popup blocker usually blocks everything too.
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com

    Close all applications and browser windows before you click "fix checked".



    Go to Internet Options, Programs
    Click the "Reset Web Settings" Button to reset your home and search pages.
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  11. vanillag1rl

    vanillag1rl

    Joined:
    Sep 28, 2004
    Messages:
    1,124
    If you can't fix it,
    do this:
    Go to
    >> Look on the right of this web page,
    look for the Google search.
    Type in
    Mozilla.
    Once you find Mozilla's site,
    download Mozilla's Firefox.
    Install it.
    It's a web browser that is better than IE.
    Try it :D
     
  12. eclipse987

    eclipse987 Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    13
    Yes sir, ran CWShredder several times along with trying the other ideas posted.
    Nothing Present, 0 restored, none infected.

    And lately, the homepage has been taking me to http://supersearchs.com/index2.html ... lol

    I've been using Mozilla at work a little bit and it seems OK, might take care of the problem too; just knowing something weird is going on in my PC bugs me, hehe.
     
  13. vanillag1rl

    vanillag1rl

    Joined:
    Sep 28, 2004
    Messages:
    1,124
    True that. That would bug me too
     
  14. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Found one successful fix to this:

    Boot in safe mode and delete both C:\Windows\System32\systr.dll and searchdll.dll and fix R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supersearchs.com
     
Short URL to this thread: https://techguy.org/326201

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice