Spyware changing homepage

A few days ago, my homepage started to be changed from the regular homepage setting to spykiller.com.  I could not search the internet or check my e-mail account.  On startup, everything will be fine, but after a little while, spykiller takes over.  I have run Spybot, Ad-aware, and spy sweeper, but they do not register that anything is wrong.  What should I do?

HEre is what I get when I run HiJack this!

Logfile of HijackThis v1.98.2
Scan saved at 7:40:11 PM, on 11/1/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam and Kim\Desktop\antivirus\HijackThis2.exe

O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [FM20644h.exe] "C:\WINDOWS\System32\FM20644h.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {8725FAB8-32D3-4C61-9D9A-EDEEF217350D} - (no file) (HKCU)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdfc1066d.dll

apataiAsked:
Who is Participating?
 
SheharyaarSaahilConnect With a Mentor Commented:
Hello apatai =)

First thing, uninstall that Bearshare.... that program doesn't comein the list of Good programs =\
Second thing, fix just four two lines in hijackthis scan,

O4 - HKCU\..\Run: [FM20644h.exe] "C:\WINDOWS\System32\FM20644h.exe"
O9 - Extra button: (no name) - {8725FAB8-32D3-4C61-9D9A-EDEEF217350D} - (no file) (HKCU)
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdfc1066d.dll

Third thing, whatever tool u run, run it in safemode and plzz delete the temp and temp intenet files by running Disk Cleanup on ur hard drive, check if any progress :)
0
 
apataiAuthor Commented:
That worked...Thanks!
0
 
SheharyaarSaahilCommented:
great..... :)

now as the problem is solved, u can close this question :)
for more info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5
0
All Courses

From novice to tech pro — start learning today.