Hijacked Homepage & Search Page

Hello,

I am currently having issues with IE6 and would like to request some help. I have followed every step that had been outlined prior to posting. I have Ad-Aware SE Ad-Watch running in automatic mode. When I open IE some service is constantly trying to change my homepage. This is what it is trying to change to:

mkMSITStore: C:\spe\start.chm::/start.html#

Secondly, when typing an address in the address bar, unless I use the fully qualified URL, including http://, it uses the text as a search string for http://www.heretofind.com.

I am not new to computers, nore spy and ad ware. However, I am not able to pin point the cause, nor do I have time to spend on this.

Your Help is greatly appreciated,

Adam

 

Here is my log. I have ran this prior, and removed all appropriate keys, only to have them reappear after a reboot.

Thanks for your help.

I tried to add an attachment, but the manage attachment button does nothing. Would you like me to past it into the message?

 

did you go through the tutorial?

 

Yes I did, to the "T".

 

do a search for a folder on your system called spe. Find it and delete it. Then remove these keys

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=18&q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=18&q=%s
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=18&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=18&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=18&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=18&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=18&q=

you probably should do this while in safe mode.. just incase a file is in use.

 

Damnit.. I didn't notice this .. you need to download a new version of HJT.. you're on 1.97.7. The latest is 1.98.2

Please download it here
http://www.majorgeeks.com/download3155.html

and then run it again and post a new log..

 

Heres my log, thanks for the quick responses!! (again the manage attachments button does nothing).

 

reboot into safe mode
locate a folder called C:\SPE and delete that sucker!
then run HiJackThis and remove the following


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=18&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mkMSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=18&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mkMSITStore:C:\spe\start.chm::/start.html#
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=18&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=18&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=18&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=18&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=18&q=


For my own records as I update my knowlege in how to fight this stuff, can you post the file names of any files found in that directory?

 

Just the one (including hidden files), start.chm

Thanks!!!!

 

everything working ok now?