Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
------------------------------------------------------------
See
this page for instructions on how to clear java's cache.
------------------------------------------------------------
Clear your Firefox cookies. From the open browser, go toTools>Options>Privacy>Cookies>Clear
------------------------------------------------------------
Empty your Recycle Bin
------------------------------------------------------------
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:
REGEDIT4
[-HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]
Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
------------------------------------------------------------
Click on the Start button & select Run
Type in
tasks & click Ok
In the ensuing window, click on the
'Advanced' menu (located above) & select
'View Hidden Tasks'
Review all the tasks/jobs at hand. You should be able to recognise jobs that you have created yourself.
Delete hidden jobs that look like these:
- AFAA2FFF93D5AE4B.job
A06F1FEF91A49933.job
A2C3205A93B8CDFA.job
A36F645091B91BF0.job
A42C6F7190EFE559.job
You can recognise them by the fact that they're hidden & have names that consist of 16 random letters.
------------------------------------------------------------
Reboot to Safe Mode.
------------------------------------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.
------------------------------------------------------------
Delete the following
folders:
C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend
C:\Documents and Settings\Chris Robb\Application Data\FoxieSpywareSwiftSweeper
------------------------------------------------------------
Please tell me the content of the folllowing
folders, or if you recognize them:
C:\Documents and Settings\All Users\Application Data\creative bind settings 4
C:\Documents and Settings\Chris Robb\Application Data\one settings tray
------------------------------------------------------------
Run the fl.bat tool once again. It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply
------------------------------------------------------------
Establish an internet connection & perform an online scan with Internet Explorer at
Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK & have it scan My Computer
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
------------------------------------------------------------
Run a new scan with HJT, save the log and post it.
Please return with results from:
findlop.txt
Kaspersky online scan
HJT
How is your system behaving now, please?