Re: HJT LOG - PC sends out massive random emails, locks up!

Author	All Replies
bcastner Premium,MVM join:2002-09-25 Chevy Chase, MD clubs: ·Verizon Online DSL	reply to fjr1966 Re: HJT LOG - PC sends out massive random emails, locks up! DISABLE Spyware Doctor -- It is a good program, but ... it may hinder the removal of some malware entries. You can re-enable it after you're clean. From within Spyware Doctor, click the "OnGuard" button on the left side. Uncheck "Activate OnGuard". 1. Using your mouse, left click once where it says: Copy to clipboard to capture the entire contents of the Code box below, including blank lines: REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7il] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool] Open a new Notepad document. (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click \| Paste the Code box contents from above into Notepad. Click File, Save as..., and enter (including quotation marks) as the filename: "RegFix.REG". Exit Notepad. Double click your new file and agree to the registry merge when asked. You can then delete this new file. 2. Using your mouse, Highlight and then Right-click \| Copy the entire contents of the Quote box below, including blank lines: quote: @echo off cd %~dp0 REM :!: malware removal script only for this user REM :!: Please do not use. REM :!: Unintended consequences are likely if you are not this user. REM :!: Authored by Bill Castner, BroadBandReports Forum @echo off cd %~dp0 del /a /f /q C:\Program Files\Messenger\kygeta.html del /a /f /q C:\Documents and Settings\FRANK\My Documents\Computer Tools\SYSTEM TOOLS\keyfinder.exe del /a /f /q D:\Computer Tools\SYSTEM TOOLS\keyfinder.exe del /a /f /q G:\SYSTEM TOOLS\keyfinder.exe del %0 exit Open a new Notepad document. (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click \| Paste the Quote box contents from above into Notepad. Click File, Save as..., and enter (including quotation marks) as the filename: "Cleanit.cmd". Exit Notepad. Double click your new file to run the script. It will briefly open a black box and then exit.. 3. Please download AproposFix from here: http://swandog46.geekstogo.com/aproposfix.exe Save it to your desktop but do not run it yet. Now reboot into Safe Mode. This can be done tapping the F8 key as soon as you start your computer You will be brought to a menu where you can choose to boot into safe mode. Make sure you choose the option without networking support. Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts. When the tool is finished, please post the entire contents of the log.txt file in the aproposfix folder. -- ============ MS-MVP 2004 - -2008, ASAP Member *Users Helping Users*
	to forum · permalink · · 2008-04-26 05:46:11 ·
fjr1966 join:2008-04-24 Dublin, OH	Spyware Doctor has been disabled whenever I am executing the instructions you have been providing me to this point. Items 1, 2 & 3 have been completed. Log from aproposfix.exe provided below. Thank you. ********************** Log of AproposFix v1.1 ******** Running from directory: C:\Documents and Settings\FRANK\Desktop\aproposfix ******** Registry entries found: ********** No service found! Removing hidden folder: No folder found! Deleting files: Backing up files: Done! Removing registry entries: REGEDIT4 Done! Finished!
fjr1966 join:2008-04-24 Dublin, OH	to forum · permalink · · 2008-04-28 19:58:46 ·


Wednesday, 20-Aug 18:49:54	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 9 years online! © 1999-2008 dslreports.com. page compression OFF