[Michelle]

You can open notepad, by going to Start> All Programs > Accessories> Notepad

I edited my post as I told you to save it by the wrong name (would not cause harm, just a little error )

Open Notepad, and copy/paste the box below into a new notepad file. Change the "save as" type to "All Files". Save it as regfix.reg on your Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]

Make sure there is no blank line above "REGEDIT4".

Locate regfix.reg on your Desktop and double-click on it. If you receive any message, let me know BEFORE following the next steps!!

[Advertisements]

HEY!! you changed it....i did what you said, but now as i look back, the file name you're requesting changed????

are we cool... ?????????????????????

Edited by bananafanafo, 26 April 2005 - 12:10 PM.

[joshuageeks6999]

HEY!! you changed it....i did what you said, but now as i look back, the file name you're requesting changed????

are we cool... ?????????????????????

Edited by bananafanafo, 26 April 2005 - 12:10 PM.

[Michelle]

post #106 please

[joshuageeks6999]

Ok..got the edit message....

deleted remove.bat

did the same, launching as specified!! thanks!! such simple things.....

and now have a regfix.reg file on desktop, with a few little green boxes as an icon...

.......double clicked, script file blocked by MS Antispy and i'm back here

[Michelle]

Remember when I asked you to disable MS Anti-Spyware? This is one reason why! We have to do this part otherwise we can not continue.

[joshuageeks6999]

Good point, however...i did disable it; i had mentioned that i did it a bit different than your instructions...so, since i havn't done anything to that, i trust the Autoupdate that ran when i started this account reassessed and turned itself back on???? i guess that's a good thing...i'll have to go over to the other account to disable it...no icons located here??

[Michelle]

It's not located under Start > All programs ?

[joshuageeks6999]

Yes, found it...and deactivated...hmmm, it had also run a scan last night...3am auto scheduler?...1 item located but not treated, removed it...so now i will double click again on regfix.....

[joshuageeks6999]

hmmmmmmmmm????

blocked by MS Antispy again, script file....etc etc...guess i'm not getting MS fully shutdown...brb...

[Michelle]

How about disabling, then exiting the program?...if this doesn't work only other options are to a.) leave your system dirty, b) uninstall MS Anti-Spyware and re-install it in just a minute when your system is clean (VERY close!)

[joshuageeks6999]

MSAnti removed, double-click gets the following message, i said No until u give the go ahead...

Are you sure you want to add the information in C:\DOCUME~1\OWNER\Desktop\regfix.reg to the registry? Yes No

just me

[Michelle]

YES!

[joshuageeks6999]

Ok..off to do the other stuff!!! I can feel it now!!!!!!!!!!!

[Michelle]

here do it in this order (if you have already left to follow my other post, it's FINE!)

I need you to copy all of these instructions and paste them into a notepad and save it for use while in safe mode.

1) Please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

2) Once in Safe Mode, please run Killbox.

3) Select "Delete on Reboot".

4) Open the notepad file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing CTRL + C:

C:\Documents and Settings\owner\Start Menu\Programs\Startup\netdb.exe
C:\WINDOWS\System32\netdc.exe
C:\WINDOWS\System32\MSIMN32.EXE
C:\WINDOWS\System32\TASKMGRU.EXE

5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Let it reboot.

Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HiJackThis and place a check next to the following items if found and click FIX CHECKED:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

O4 - HKCU\..\Run: [MSIMN32] C:\WINDOWS\System32\MSIMN32.EXE
O4 - HKCU\..\Run: [TASKMGRU] C:\WINDOWS\System32\TASKMGRU.EXE
O4 - Startup: netdb.exe

O15 - Trusted IP range: 64.127.104.144

Close HiJackThis.

Restart your computer and Post a new HiJackThis log.

[joshuageeks6999]

Say....is it possible to download this entire thread from the forum ???i've taken notes, but it sort of feels like a relationship about to move on to the next level...might want this in my Keepsakes box....