Go Back   PCMech Forums > Help & Discussion > Internet, Web Applications, & The Cloud
searchpage.cc Spyware searchpage.cc Spyware
Register FAQ Members List Social Groups Rules Calendar Search Today's Posts Mark Forums Read

Need Some Help? Type Your Keywords Here:

Reply
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
Old 07-11-2004, 11:10 AM   #1
Member (6 bit)
 
Join Date: Oct 2002
Location: Ohio
Posts: 32
searchpage.cc Spyware
I have a piece of spyware of my computer that always sends me to searchpage.cc whenever I open IE. It sets it as my start up page, and I can not change it, when I do, it changes it back to searchpage.cc
Also, when I try and type a URL in, it will not take me to the page I type in, it sends me back to searchpage.cc

I think the spyware associated with it is called exploit
Spybot removes it, and then it comes right back.

Anyone have any suggestions of how to get rid of it?
Thanks in advance. Ryan
bolsey84 is offline   Reply With Quote
Old 07-11-2004, 04:02 PM   #2
Member (6 bit)
 
TVANWINKLE's Avatar
 
Join Date: Dec 2002
Location: HOUSTON, tEXAS
Posts: 51
Ryan,

Are you using Adaware as well? If not I would suggest running both. Also, install hijackthis and post your log so we can see whats going on.
TVANWINKLE is offline   Reply With Quote
Old 07-12-2004, 10:04 AM   #3
Member (6 bit)
 
Join Date: Oct 2002
Location: Ohio
Posts: 32
Here is what HijackThis had to say....

Logfile of HijackThis v1.97.7
Scan saved at 11:02:25 AM, on 7/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\ryan boles\local settings\temp\9c2WxI2.exe
C:\documents and settings\ryan boles\local settings\temp\5KQIYR.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Broadband Wizard\bbwiz.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\PROGRA~1\AIM\aim.exe
C:\Documents and Settings\Ryan Boles\Local Settings\Temporary Internet Files\Content.IE5\W52Z8LYF\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nkvd.us (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nkvd.us (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [9c2WxI2] C:\documents and settings\ryan boles\local settings\temp\9c2WxI2.exe
O4 - HKLM\..\Run: [5KQIYR] C:\documents and settings\ryan boles\local settings\temp\5KQIYR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Broadband Wizard.lnk = C:\Program Files\Broadband Wizard\bbwiz.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O13 - DefaultPrefix: http://%6E%6B%76%64%2E%75%73/
O13 - WWW Prefix: http://%6E%6B%76%64%2E%75%73/
O13 - Home Prefix: http://%6E%6B%76%64%2E%75%73/
O13 - Mosaic Prefix: http://%6E%6B%76%64%2E%75%73/
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minib...ansporter.cab?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED3140B9-2DF7-4A47-A5DB-528FF47BBA1F}: NameServer = 208.16.180.5,208.16.180.6
bolsey84 is offline   Reply With Quote
Old 07-12-2004, 10:56 AM   #4
Member (6 bit)
 
TVANWINKLE's Avatar
 
Join Date: Dec 2002
Location: HOUSTON, tEXAS
Posts: 51
Ryan,

You have many questionable entries. I would suggest posting your log Here to ensure you get all the bug's out of your system.
TVANWINKLE is offline   Reply With Quote
Reply

Bookmarks

Still Need Help? Type Your Keywords Here:


« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Linear Mode Linear Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -5. The time now is 11:21 AM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2012, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 PL2

PCMech - Archive - Top