Please print out or copy this page to
Notepad in order to assist you when carrying out the following instructions. Read through the directions before beginning so you know what you will be doing; ask any questions you may have before beginning.
Click Start->Run->Then Type "regedit"
Click File->Export and save a copy of your registry somewhere just in case
Then navigate to this entry:
HKLM\System\CurrentControlSet\Control\Session Manager\
Right-click on it and select
Modify. Delete everything
After "autocheck autochk *". Then click
Ok.
Delete the following folders if they still exist:
C:\PROGRAM FILES\MYWEBSEARCH
C:\Program Files\FunWebProducts
If either folder gives you trouble deleting boot into Safe mode using F8 during startup and delte them from there.
Please submit the following file to
Jotti File Scan
C:\PROGRAM FILES\MSN MESSENGER\RICHED20.DLL
This will produce a report after the scan is complete, please copy and paste those results in your next post along with a new Hijackthis log.