Homepage problem, help plz !!!

[sakurakana1003]

My IE is infected with spyware, both Spybot and Ad-Aware couldn't get rid of it, my homepage is set to blank but automatically goes to some stupid search site every time I open my IE, changing the homepage in options doesn't affect it, how can I get rid of this worm? Thanks much in advance.

 

[Merithiel]

Does this belong under Operating System?

Also, did you try using www.google.com? You should. It probably is some adware. Not a worm probably.

 

[RS3RS]

It's not a worm, it is infact spyware/adware. Be sure that you've fully updated both Ad-Aware and SpyBot before you've run them.

Download the latest version of HiJack this!, and run it. If you're not sure what to do with it, post the log here for help.

Check the FAQ at the top of this section for more information, and links to programs (CW Shredder might be of some help). And yes, as far as I know, this thread does belong in operating systems.

If all else fails, I'd download a demo version of WebRoot's SpySeeper program here: http://www.webroot.com/ Update it, run it, and it might find something the others missed.

I'd definitely try Hijack This! though, is a very powerful program.

 

[sandmanx]

CWShredder is most likely what you are looking for. Make sure to run it for every user on the machine of you have multiple users. The about:black hijacks can be a real bitch to get rid of, good luck.

 

[sakurakana1003]

Thanks guys for the replies, and sorry for posting in the wrong forum, here is the log I got from HiJack This! Please take one last look and tell me which ones I should delete. Thanks again.

Logfile of HijackThis v1.99.0
Scan saved at 9:42:53 PM, on 1/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\World of Warcraft\WoW.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\apphy.exe
C:\WINDOWS\d3us32.exe
C:\Documents and Settings\Kane\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7B4A8261-0A80-402A-F1BE-9B2ACBFECDD5} - C:\WINDOWS\system32\msyl32.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [d3us32.exe] C:\WINDOWS\d3us32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted Zone: www.hardforum.com
O15 - Trusted Zone: www.ign.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://www.worldofwarcraft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1101618644952
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\apphy.exe

 

[Clownboat]

After you get this problem fixed, you might want to install some decent antivirus and firewall software.

Also, you should probably finish playing World of Warcraft before you start screwing with your system; things will go much faster that way.

 

[RS3RS]

Looking at that log, I would remove....

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kpusq.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7B4A8261-0A80-402A-F1BE-9B2ACBFECDD5} - C:\WINDOWS\system32\msyl32.dll


Also, a google search seeing what one of the files is turned up this:
http://64.233.187.104/search?q=cach...mpatible.com/thread30177-1.html+sp.html&hl=en

Might be helpful to you, since it seems to relate to one of the things HiJack This! found