Have followed READ ME - still have browser hijack

Hello, first of all I would like to thank you for maintaining such a great site.

I have a browser hijack problem I hope you can help me with. Symptoms:
(1) Internet Explorer home page is continually reset to:
http://296f8.ilxt.info/index.php?aid=11340
(2) Some web pages are blocked, for example:
http://windowsupdate.microsoft.com/
(3) Intermittent, and seemingly random, Internet Explorer crashes

System info:
Windows XP
Professional
Version 2002
Service Pack 1

Internet Explorer 6.0.2800.1106.xpsp2.030422-1633


Here are the steps I have taken:
(1) Following the FAQ at www.majorgeeks.com (http://forums.majorgeeks.com/showthread.php?t=35407)

(a) Attempted to run Windows Update as directed in majorgeeks.com FAQ (http://forums.majorgeeks.com/showthread.php?t=35407) but browser hijack redirected.

(b) Disabled system restore temporarily

(c) Scanned Windows services for "Network Security Service", but it was not found

(d) enabled viewing of hidden files and folders

(e) I ran the online virus protection at:
http://housecall.trendmicro.com/housecall/start_corp.asp
It detected 4 files that seemed to be Trojan Horses, it could not remove them because IE was in use.
The virus scanning at
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
was temporarily unavailable

(f) I downloaded and installed all the utilities mentioned in the FAQ (Ad-Aware and Spybot Search and Destroy were already installed - I updated them, used Ad-Aware's Immunize feature, and activated Spybot's stay resident feature)

(g) I rebooted into safe mode

(h) Still following the FAQ, I ran CCleaner - no bad files found

(i) Ran Ad-aware - numerous critical entries detected and deleted, including some CoolWebSearch variants (Note - I see no indication VX2-Plug-in is installed although I did download and install it).

(j) Ran Spybot - several problems found and fixed (including DSO exploit)

(k) Ran CWShredder - no problems detected

(l) Ran About-Buster 3 times, rebooting (into safe mode) as instructed

(m) Ran HSRemove - no problems detected

(n) Rebooted, normal mode - ran AdAware on start-up, no problems found. Dared to hope at this point that success was in reach...

(o) Notified that Windows updates were available - installed them with the icon on the taskbar

(o) opened IE - redirected to
http://296f8.ilxt.info/index.php?aid=11340
Doh!

(p) Ran Ad-Aware again - found critical problems, but fewer. CoolWebSearch still in the list

(q) Ran Sbybot – only problems now found are DSO exploit, which can be ignored according to an existing thread on www.majorgeeks.com

(s) Still getting home page hijacked.

(t) I have run HijackThis at a few points in the process. I can post the latest run, but I’m holding off as requested in the FAQ.

Thanks so much for your help.

Best,
johng2g

 

Hello Chasling,

Thank you very much for your reply. I followed the instructions you gave me.

Attached is my new HijackThis Log...

It seems as though my IE homepage under my profile <John> is now staying put, but the one for the other profile <Karon> is still set to the Hijacked page.

Thanks again,
Johng2g

 

Hello Chaslang, Major Attitude,

Thanks for your help. Both profiles seem to be working well now.

As for the domains in the Trusted Zone, I had switched off my ActiveX, but 3 of those sites required it, so I put them in the trusted zone. The other 2 are domains I own. I will look at removing them.

Thanks again for everything,
johng2g