iehomepages

Discussion in 'Malware Help (A Specialist Will Reply)' started by njbrab, Nov 4, 2006.

  1. njbrab

    njbrab Private E-2

    Hi, I have been infected by iehomepages and it disabled System Restore and changed many other settings.
    Norton and Ad-Aware did not do a lot to help.
    I have followed the steps in your READ AND RUN ME FIRST tutorial.
    Results are attached.
     


  2. njbrab

    njbrab Private E-2

    other scans attached
     


  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your Operating System and Internet Explorer versions are WAY out of date and represent a major security risk. After we fix your current problems, you must get updated. You need to install Service Pack 2 for security purposes.

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O2 - BHO: (no name) - {c3703265-4671-4858-92a4-cba6a7b3bb45} - C:\WINDOWS\System32\ixt0.dll (file missing)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/

    O16 - DPF: {8E2B469B-7444-42C3-BE28-7A54E05AC049} (PrintCtrl Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPRTC.CAB

    O23 - Service: SysWhz - Unknown owner - \\?\C:\Program Files\Common Files\System\com3.exe (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” option. Copy and paste each of the file names listed below into the box one by one, making sure Delete on Reboot is checked for each entry. Click the red X for each entry, but DO NOT allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
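The HijackThis entries selected in the post above can be triaged mechanically. The following is an added example, not part of the original post and not HijackThis's own code: it parses entry lines, labels the section code, extracts any CLSID, and flags entries whose target file no longer exists on disk (the orphaned registry references the post has the user fix). The section descriptions and function names are this example's own; the sample lines are copied from the post.

```python
import re

# Section codes seen in the post, with their commonly documented meanings.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run key / Startup folder)",
    "O14": "IERESET.INF reset-defaults setting",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Parse one HijackThis entry line; return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    return {
        "code": m.group("code"),
        "section": SECTIONS.get(m.group("code"), "other"),
        "clsid": clsid.group(0).lower() if clsid else None,
        # HijackThis appends this marker when the referenced file is gone.
        "file_missing": body.rstrip().endswith("(file missing)"),
        "unknown_owner": "Unknown owner" in body,
        "body": body,
    }

def parse_log(text):
    """Return parsed entries for every entry line in a log excerpt."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned(entries):
    """Entries that point at a file that no longer exists."""
    return [e for e in entries if e["file_missing"]]

# Sample lines copied from the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {c3703265-4671-4858-92a4-cba6a7b3bb45} - C:\WINDOWS\System32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {8E2B469B-7444-42C3-BE28-7A54E05AC049} (PrintCtrl Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPRTC.CAB
O23 - Service: SysWhz - Unknown owner - \\?\C:\Program Files\Common Files\System\com3.exe (file missing)
"""
```

A "(file missing)" flag only says the registry reference is stale; whether an entry with a present file is wanted still needs a human to judge, as the helper does in this thread.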
     
  4. njbrab

    njbrab Private E-2

    Thanks a lot, bjgarrick.
    I have followed the steps and attached the hijack this log.
    Please let me know how it looks now and where to get the service pack update.
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any current problems?
     
  6. njbrab

    njbrab Private E-2

    The only noticeable problem is that the notice that you are about to enter a secure connection comes up on sites that it usually doesn't. Also, when I toggled System Restore it did not prompt me to restart, so I restarted anyway.
    The computer is running slower than it was before the infection. Could this be something to do with the programs that have been installed during the removal process?
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The message is normal so this isn't a problem. You can remove anything I had you download, install or run.
     
  8. njbrab

    njbrab Private E-2

    Thanks a lot for your help, you are a legend.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome!

    Surf safely! :)
     
