Unable to remove hijacker "http://iehomepages.com/"

Discussion in 'Malware Help (A Specialist Will Reply)' started by rektins, Oct 31, 2006.

  1. rektins

    rektins Private E-2

    Hi Major Geeks,

    I have always been able to remove various malware from your easy-to-follow guides, but a browser hijacker named "http://iehomepages.com/" simply will not die...

    I have followed the "Read & Run Me First" thread which removed a lot of malware (my girlfriend is also using my computer.. *sigh*), but my web logon page still looks like this all of a sudden: "http://signon.stofanet.dk/?url=aHR0cDovL2lkbnNlcnJvci5jb20v" redirecting me to "http://iehomepages.com/" after logon.

    So, I ran "hsremove" and "AboutBuster" which also removed something, but not the previously stated problem. I am now at my wit's end.

    Can you help me?

    Attached are the logs (including the one for CounterSpy, as the Windows Defender would not work).

    By the way:

    I'm running Windows XP Pro SP 2 on an AMD Athlon XP 2600+ 2.08GHz, 512 MB RAM (I'm not good at hardware, so please tell me if some important figures are missing)

    PS: I'm from Denmark, so my English is a little rusty :)
     

    Attached Files:

  2. rektins

    rektins Private E-2

    Here are some more logs:
     

    Attached Files:

  3. rektins

    rektins Private E-2

    And here's the last log:
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    TrueCodec

    AutoUpdate

    VirusBurster


    Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:


    isamonitor.exe

    isamini.exe


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/ search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks

    O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Programmer\TrueCodec\isaddon.dll

    O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Programmer\TrueCodec Delete this whole folder if it exists!

    C:\Programmer\AutoUpdate Delete this whole folder if it exists!

    C:\Programmer\VirusBurster Delete this whole folder if it exists!


    \/ Delete the files below by manually locating them!

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
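
The post above ends by asking for a fresh HijackThis log after the fix. As an added example (not part of the original thread and not a MajorGeeks or HijackThis tool), the Python below parses the CLSID-bearing O2 (BHO) and O21 (SSODL) lines from the fix list and reports any that still appear in a follow-up log. The follow-up log is a constructed sample and the function names are hypothetical.

```python
import re

# Entries the helper asked to fix, copied from the post above (O2 = BHO, O21 = SSODL).
FIX_LIST = r"""
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Programmer\TrueCodec\isaddon.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
"""

# Constructed follow-up log for illustration (not the poster's attachment):
# the BHO is gone, the SSODL entry survived and is written in upper case.
SAMPLE_NEW_LOG = r"""
Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O21 - SSODL: gaonic - {F31AEE4A-1530-4FEF-8537-79C6973BFF9A} - C:\WINDOWS\system32\tazth.dll
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

# "<code> - <kind>: <name> - {CLSID} - <file path>", the shape of O2 and O21 lines.
CLSID_LINE = re.compile(
    r"^(?P<code>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

def parse_clsid_entries(log_text):
    """Return {lowercased CLSID: entry dict} for every CLSID-bearing log line."""
    entries = {}
    for line in log_text.splitlines():
        m = CLSID_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            # CLSIDs are case-insensitive, so normalise before comparing.
            entry["clsid"] = entry["clsid"].lower()
            entries[entry["clsid"]] = entry
    return entries

def remaining_entries(fix_text, new_log_text):
    """Entries from the fix list whose CLSID still appears in the new log."""
    wanted = parse_clsid_entries(fix_text)
    present = parse_clsid_entries(new_log_text)
    return [present[c] for c in wanted if c in present]

if __name__ == "__main__":
    for e in remaining_entries(FIX_LIST, SAMPLE_NEW_LOG):
        print(f"still present: {e['code']} {e['kind']} {e['clsid']} -> {e['path']}")
```

Matching on the CLSID rather than the whole line keeps the check valid when the entry name or letter case differs between logs.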
     
  5. rektins

    rektins Private E-2

    Thank you, bjgarrick - you're the man!

    It did the trick: I deleted all the above and the hijacker is gone for good (until next time someone sits at my computer without the necessary skills)
    :rolleyes:

    Again: THANK YOU

    As requested, here's the latest HijackThis log:
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any further problems?
     
  7. rektins

    rektins Private E-2

    No problems - everything is now running smoothly!
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

