Boot in Safe Mode.
Switch System restore OFF.
Go to "Add/Remove Programs" in the Control Panel (Windows Setup Programs) and remove the function "Indexing Service".
If you have to reboot, do so again in Safe Mode.
Then go to the "Administrative Tools" in the Control Panel and double-click "Services". Scroll down until you find "Indexing Service" (if it was removed in the previous Add/Remove, you can quit this now).
Right-click it, select Properties.
Set the Status Type to "Disabled". Click OK and get out.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:
cisvc.exe
PSFree.exe
cidaemon.exe
Next, uninstall this rubbish:
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
Next, run CWShredder again. The previous run should have cleared the websearch, you sure you followed my instructions?
Next, run HJT on its own and let it 'fix' if still there:
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?uid=135544374&id=1.00
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?uid=135544374&id=1.00
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&ssPageName=H:H:MYEBAY:US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;;<local>
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
Boot normally. When all OK, switch System Restore back on.
Now go to www.getfirefox.com and install/use Firefox from now on. That has a built-in popup-stopper and is much safer to use than the holey IE.
Use IE strictly for Windoze-updates from now on.