ehomepages hijack

Discussion in 'Malware Help (A Specialist Will Reply)' started by ldp@wiztel.ca, Oct 25, 2006.

  1. ldp@wiztel.ca

    ldp@wiztel.ca Private E-2

    How can I get rid of this annoying hijack? Teaches me to download stupid crap!

    Adaware, Defender and Norton don't clean it.

    Thanks,
    Luis
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

    Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    In your next post, please make sure you attach the following logs and that you have run these scans in the following order:
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. ldp@wiztel.ca

    ldp@wiztel.ca Private E-2

    I have followed all of your cleaning procedures. The Panda scan didn't work so here are the other attachments. I did use Defender and it didn't find anything.
     


  4. ldp@wiztel.ca

    ldp@wiztel.ca Private E-2

    Here is the hijack log...
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet

    Please look in Add/Remove Programs for the following and uninstall them if found:

    Viewpoint

    VirusBurster


    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster

    • Run Hoster.exe, click Restore Original Hosts and then click OK.

    • Click the X to exit the program.

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - D:\WINDOWS\system32\tazth.dll

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\Viewpoint Delete this whole folder if it exists!

    C:\Program Files\VirusBurster Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste D:\WINDOWS\system32\tazth.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    FINAL STEP

    Reset Web Settings & Default Security Settings:

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    Once you have completed this step, reboot once more and let me know how things are running and if any problems remain.
     
  6. ldp@wiztel.ca

    ldp@wiztel.ca Private E-2

    Thank you very much for your help.

    The steps you suggested seem to have worked except that I can't change my home page. It keeps going to ehomepages.com even after I try to change it in Tools > Internet Options > Home page and enter www.googe.com.

    Luis
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Once you complete this, reboot and set your homepage.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
     
  8. ldp@wiztel.ca

    ldp@wiztel.ca Private E-2

    I did what you explained and the home page still can't be changed.

    Thanks,
    Luis
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do you mean it changes itself or do you mean it's greyed out where you can't?
     
  10. ldp@wiztel.ca

    ldp@wiztel.ca Private E-2

    It changes itself, or I think it does...

    I change the home url in the IE tools section and apply the changes. It does the change but when I launch IE again, back to the same ehomepages BS.

    Thanks,
    Luis
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach a current HJT log.
     
  12. ldp@wiztel.ca

    ldp@wiztel.ca Private E-2

    Here is the requested log...
     


  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    PowerCodec

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - D:\Program Files\PowerCodec\isaddon.dll

    O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - D:\Program Files\PowerCodec\iesplugin.dll

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    D:\Program Files\PowerCodec Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Next Reset Web Settings & Default Security Settings

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

    After you complete the above, reboot once more and attach a fresh HJT log and let me know how things are running.
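
Added example, not part of the original thread or of HijackThis: a small Python parser for the HijackThis line types quoted in this discussion (O2, O3, O4, O21) that groups CLSID-registered components by folder, so entries sharing an install directory, such as the two PowerCodec DLLs, show up together. The function names are made up for illustration, and only the line layouts seen in this thread are handled.

```python
import re
from collections import defaultdict
from ntpath import dirname  # Windows path rules, works on any OS

# Constructed sample: the entries quoted in this thread, gathered into one log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - D:\Program Files\PowerCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - D:\Program Files\PowerCodec\iesplugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - D:\WINDOWS\system32\tazth.dll
"""

# O2/O3/O21 layout: <code> - <kind>: <name> - {CLSID} - <file>
CLSID_LINE = re.compile(
    r"^(O2|O3|O21) - [^:]+: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# O4 layout: O4 - <key>: [<value name>] <command line>
RUN_LINE = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")

def parse(log):
    """Return one dict per recognised line; anything else is skipped."""
    entries = []
    for line in map(str.strip, log.splitlines()):
        m = CLSID_LINE.match(line)
        if m:
            code, name, clsid, path = m.groups()
            entries.append({"code": code, "name": name,
                            "clsid": clsid.lower(), "path": path})
            continue
        m = RUN_LINE.match(line)
        if m:
            _key, name, cmd = m.groups()
            # Quoted image path, else the first whitespace-delimited token.
            path = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            entries.append({"code": "O4", "name": name,
                            "clsid": None, "path": path})
    return entries

def clsid_hooks_by_folder(entries):
    """Group CLSID-registered components (O2, O3, O21) by their folder."""
    groups = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            groups[dirname(e["path"]).lower()].append((e["code"], e["name"]))
    return dict(groups)

if __name__ == "__main__":
    for folder, hooks in clsid_hooks_by_folder(parse(SAMPLE_LOG)).items():
        print(folder, hooks)
```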
     
  14. ldp@wiztel.ca

    ldp@wiztel.ca Private E-2

    Your steps seem to have worked!!!! I'd buy beers if you were in Toronto!

    Here is the log ...
     


  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    After today I need a few, lol

    Your log looks good, are you having any further problems?
     
