Boot in Safe Mode.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:
kpuara.exe
sp4ssl.exe
sysiew.exe
exp.exe
richup.exe
vidctrl.exe
VCMnet11.exe
Next, in Control Panel/Add/Remove Programs, uninstall "Windows AFA Internet Enhancement" if it exists.
Next, run an HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
C:\WINNT\system32\**kpuara.exe**
C:\WINNT\system32\**sp4ssl.exe**
C:\WINNT\system32\**sysiew.exe**
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.forteds.com/license/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.forteds.com/license/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Forte Design Systems
==>> if you use Netscape and want this homepage, OK, otherwise FIX this N1 entry <<==
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://intranet.forteds.com/license/"); (C:\Program Files\Netscape\Users\jking\prefs.js)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINNT\system32\**richedtr.dll**
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\**exp.exe**
O4 - HKLM\..\Run: [richup] C:\WINNT\system32\**richup.exe**
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\**vidctrl\vidctrl.exe**
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\system32\kpuara.exe reg_run
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\**VCMnet11.exe**
O4 - HKLM\..\Run: [02sS37g] sysiew.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chronology.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EE0AA4F-79EC-4BD1-A094-EDE31147A61C}: NameServer = 172.16.2.5,172.16.2.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = chronology.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = chronology.com
...................................................................................................
Now click on the Fix Checked button in HJT.
When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINNT\Temp (except files dated from TODAY).
Boot normally.
PS: you could make your system faster by switching off (Disable) the Indexing Service in Control Panel/Admin Tools/Services.
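
An added example, not part of the original post: a small Python check that cross-references the Task Manager list above with the O4 (Run key) entries from the HJT list, showing which autostart value launches each process and which listed process has no Run entry. The regular expressions are my own reading of the line format shown here and assume unquoted command lines; the sample lines are copied from the post with the broken paths rejoined.

```python
import ntpath
import re

# Process names the post says to end in Task Manager (lower-cased).
KILL_LIST = {"kpuara.exe", "sp4ssl.exe", "sysiew.exe", "exp.exe",
             "richup.exe", "vidctrl.exe", "vcmnet11.exe"}

# Lines taken from the post's HJT list, with the broken paths rejoined.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINNT\system32\richedtr.dll
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [richup] C:\WINNT\system32\richup.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\system32\kpuara.exe reg_run
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [02sS37g] sysiew.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chronology.com
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN = re.compile(r"^\S+: \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Assumption: unquoted command lines, so the path ends at the first ".exe".
EXE = re.compile(r"^(?P<path>.*?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)

def parse_autoruns(log):
    """Return (value_name, exe_basename, args) for each O4 Run entry."""
    found = []
    for line in log.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry or entry["code"] != "O4":
            continue
        run = RUN.match(entry["body"])
        exe = EXE.match(run["cmd"]) if run else None
        if exe:
            base = ntpath.basename(exe["path"]).lower()
            found.append((run["name"], base, exe["args"] or ""))
    return found

def cross_check(log, kill_list=KILL_LIST):
    """Map each listed process to its Run value names; list those with none."""
    started = {}
    for name, base, _args in parse_autoruns(log):
        if base in kill_list:
            started.setdefault(base, []).append(name)
    return started, sorted(kill_list - set(started))

if __name__ == "__main__":
    started, no_run_entry = cross_check(SAMPLE_LOG)
    for exe, names in sorted(started.items()):
        print(f"{exe}: Run value(s) {names}")
    print("no O4 Run entry in the list:", no_run_entry)
```

Matching is on the executable's base name, not the Run value name, because the two differ in this log (for example the value `KavSvc` starts `kpuara.exe`).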