browser hijack?

Is your Father deliberately set up to use a proxy? (Doubt it, but have to be sure)

 

Hi Jeff,



Re run Hitman Pro and have it remove these:

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate this detection:

• [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:13828 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

Place a checkmark next to this item, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.




Delete these if you see them:

• C:\Windows\tasks\Select-N-Go Update.job
• C:\Windows\tasks\Select-N-Go_wd.job

Now re run RogueKiller once more (just a scan) and attach that log too please.

 

RogueKiller still finds:

• [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:13828 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
• [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

You need to use it to try again to get rid of those.

Try this also:

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


What is your Father using for Anti-Virus?


Please download Combofix to your desktop. Please refer to these instructions prior to running.

Once done running Combofix attach the log.
Rescan with RogueKiller again so I can see if those entries went ot not.

 

Hmm, seems like it's gone.

Re run RogueKiller once more please and attach the log.