I have an XP SP2 pc that seems to have it Internet Explorer 6.0 hijacked. Whenever I try to set the homepage to any address, it will open the correct one on the first launch of IE, but then the homepage will change to "about:blank" and the HOME SEARCH page opens in it's place.(HomeSearch with all the cheaploans, viagra, and gambling sites)
I have used HiJackThis to create a log and will post it at the end of this question. There are 3 programs that are in my Add/Remove directory that I can't seem to uninstall. They are [WebRebates] - [Home Search Assitent] and [Search Extender]. All of these point me to http://looking-for.cc/uninstall/HomeSearchAssistant.html which of course isn't any help in uninstalling. I've scoured through the processes under TskMgr. and through MSCONFIG to see if there are any "foreign" processes, but all seem to be legitimate.
Any help would be Most Appriciated.
HiJackThis 1.98 Log File Logfile of HijackThis v1.98.2 Scan saved at 2:52:35 PM, on 10/15/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Also run Spybot in advanced mode and select Tools. Check box by BHO in right pane and then click on BHO in left pane. Remove any suspicious entries. May want to only leave Spybot and any Antivirus add-ins.
Let me know if this works. If not, we'll put our thinking cap back on.
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
about:blank hiJack
I have used HiJackThis to create a log and will post it at the end of this question. There are 3 programs that are in my Add/Remove directory that I can't seem to uninstall. They are [WebRebates] - [Home Search Assitent] and [Search Extender]. All of these point me to http://looking-for.cc/uninstall/HomeSearchAssistant.html which of course isn't any help in uninstalling.
I've scoured through the processes under TskMgr. and through MSCONFIG to see if there are any "foreign" processes, but all seem to be legitimate.
Any help would be Most Appriciated.
HiJackThis 1.98 Log File
Logfile of HijackThis v1.98.2
Scan saved at 2:52:35 PM, on 10/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Windows\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\nvsvc32.exe
C:\Windows\system32\crec32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe