Member
I did change them in the Service Control Panel, but for some reason the settings are back again.Originally Posted by TurcoLoco
I agree with you, I really do think I should wave the white flag. I would like to thank both you and JHolland for all of your help. I really do appreciate your time and effort into solving this problem.
Administrator
lakers, before you wave that final white flag why not do the Easy-Search.biz Hijacker removal, just one more time because I just keep coming back to that. I think it, or at least part of it is still on the machine, as these entries in the log suggest;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
Print out these instructions so you don't have to be online when doing them because I want you to totally disconnect from the internet, pull the plug in other words when you are actually doing this fix.
Now I have a couple questions here and I would like the answers BEFORE you proceed with this fix;
Your log shows McAfee Firewall but also shows the Symantec Internet Security Suite. Are you absolutely certain that there is NO firewall running connected with this Symantec program also?
AND does the McAfee program contain an anti-virus program? I am not seeing it, but with the way things have been going here I want to be absolutely certain you are not running TWO anti-virus programs at the same time because, as with the firewall, running two anti-virus programs on the same computer are also a no-no.
Are the McAfee programs running part of the AOL 9.0 Security Suite or are they actually THE McAfee programs which you purchased separately?
I have seen enough problems with this AOL Security Suite to be somewhat leery of it and, frankly, I usually recommend it's total uninstall and the use of independent anti-virus and firewall programs. This is why I would like the answer to these questions.
Answer those questions above, post them here, and then proceed with these steps;
PRINT THESE INSTRUCTIONS OUT.
I want you to first to update your AdAwareSE, don't run it yet.
Download the ATF Cleaner program from PP's sticky if you don't have it and save it to your desktop.
Download RegCleaner
Save it to your desktop.
Now is when I want you to totally disconnect from the internet. Pull the plug. Reboot the computer into SAFE MODE.
Next Make sure that ALL the security programs are TURNED OFF. Completely. Even though you are in safe mode and they SHOULD be turned off check to be absolutely certain.
You don't need them right now since you are OFF LINE.
Turn off ALL the McAfee programs, ALL the Symantec/Norton programs, Ewido, Windows Defender, the AOL Anti-spy, Anything security...turn them all off. Go into Taskmanager and make sure all are turned off. If you see any, turn them off.
Also make certain that all of these programs are TURNED OFF, even though you are in safe mode, check to be sure... iTunes, Nero Filter Check, iPod, MSN Messenger, AOL IM if you have it, close all browsers.
Now I want you to first run the ATF Cleaner;
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK > EXIT
Next run AdAwareSE this way;
Open the program;
* Click on the gear icon in the upper right (Settings).
* Click "Scanning".
* Select:
- "Scan within archives"
- "Scan my IE Favorites for banned URLs"
- "Scan my hosts file"
* Click "Tweaks".
* Click "Cleaning Engine".
* Select "Automatically try to unregister objects prior to deletion".
* Click "Proceed".
* Click "Start".
* Select "Use custom scanning options".
* Click "Next" and wait for the scanning process to complete.
* Select all the items found for removal. ("Removal" actually puts things in quarantine, so you can generally recover them if you need to.)
* Reboot your computer into NORMAL MODE but DO NOT RECONNECT TO THE INTERNET AND BE CERTAIN THAT ALL OF THOSE SECURITY PROGRAMS AGAIN ARE TURNED OFF along with all the others I noted above also, AND of course browsers closed too.
Now I want you to run HiJackThis again.
Place checkmarks next to the following entries if they remain;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
Click the FIX button.
Exit HiJackThis.
Reboot to SAFE MODE.
Now once rebooted in safe mode navigate to;
C:\Windows\System32
Look for the following files marked in RED and DELETE any of them IF found;
C:\Windows\System32\iau.exe
C:\Windows\System32\stisvsq.exe
C:\Windows\System32\svshost.exe
C:\Windows\System32\msqdevl.exe
C:\Windows\System32\lssas.exe
C:\Windows\System32\mservice.exe
Reboot your computer to normal mode.
I want you to then run RegCleaner. Do that this way;
Open the Program.
Go to Tools, Registry Cleanup, Do Them All.
The program will scan the computer for unnecessary or unused items.
Once the scan is complete it will show the items found which are unneeded.
Then go up to Select and choose Select ALL. Next click the Remove the Selected button on the lower Right corner. These useless entries will be removed. Click the Exit button.
(Now there is a backup automatically made with this program so don't be concerned. If you find you do need any of these removed items they can be recovered.)
Open Internet Explorer. Click on tools, then Internet Options. Then click on the Connect tab.
Then press the Lan Settings button and uncheck the Use a proxy server checkbox. Then press OK until you are out of the options screen.
Now shut down the computer. Reconnect the internet to the computer. Reboot.
With all browsers and IM programs CLOSED, run HiJackThis again and save the log and post it back here.
Judy
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote