I have an XP SP2 pc that seems to have it Internet Explorer 6.0 hijacked. Whenever I try to set the homepage to any address, it will open the correct one on the first launch of IE, but then the homepage will change to “about:blank” and the HOME SEARCH page opens in it’s place.(HomeSearch with all the cheaploans, viagra, and gambling sites)
I have used HiJackThis to create a log and will post it at the end of this question. There are 3 programs that are in my Add/Remove directory that I can’t seem to uninstall. They are [WebRebates] – [Home Search Assitent] and [Search Extender]. All of these point me to http://looking-for.cc/uninstall/HomeSearchAssistant.html which of course isn’t any help in uninstalling.
I’ve scoured through the processes under TskMgr. and through MSCONFIG to see if there are any “foreign” processes, but all seem to be legitimate.
Any help would be Most Appriciated.
HiJackThis 1.98 Log File
Logfile of HijackThis v1.98.2
Scan saved at 2:52:35 PM, on 10/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Windows\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\nvsvc32.exe
C:\Windows\system32\crec32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
