Member Panel

Oender

Originally Posted by joe5

give this a try:

Please download Process Explorer by Systernals from HERE.

DONE

Also make sure you still have KillBox by Option^Explicit from Killbox.

DONE

Then boot up in SAFE MODE and stay in safe mode (hit f8 when booting up).

Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Exlporer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of desktop(2).ini once and then click the kill button.

I can not find any instance of ]desktop(2).ini

After you have killed all of the desktop(2).ini's under winlogon click OK.

I can not find any instance of ]desktop(2).ini

Next In the top section of the Process Exlporer screen again , double click on explorer.exe and again click once on each instance of desktop(2).ini then click the kill button.

I can not find any instance of ]desktop(2).ini

Once you have done that click OK again.

Next run HijackThis and place a check beside each of the following:

HJT can not remove the lines:

O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini

Then i perform a manual search of both files, XP didn't
find anything.

Now click fix checked and close HijackThis.

Then still in safemode Start Killbox and place a tick next to [x]delete on reboot.
Copy this list into the windows clipboard:

C:\WINDOWS\system32\desktop(2).ini
C:\WINDOWS\desktop(2).ini

Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt, then click OK.

nothing to delete here...

Exit Killbox and restart your PC.

If that doesn't work the please run an online scan here:

http://www.pandasoftware.com/products/activescan.htm

test running now, ends in 5 hours!!!

And post the log of it , also post a new hjt log after that.

Sure, I also uninstall Kaspersky antivirus, and McAfee antispyware, then reinstall Avast antivirus 4.6 Pro. The computer is running find. I think the pest has gone, i do not know why HJT still show those references. The only bug is that messenger still goes offline some times...

I will upload my hjt log after panda ends.

thnks!!!

Henning

joe5

I dont think there nasty anyway. But you could have a look if a registry scanner cleans them. See for links to two free registry scanners in the "Tools" link below.

Let's see if Panda finds anything.

Oender

Originally Posted by joe5

I dont think there nasty anyway. But you could have a look if a registry scanner cleans them. See for links to two free registry scanners in the "Tools" link below.

Let's see if Panda finds anything.

Hello all, i have a lot of work, i think all my spyware problems gone, this forum has a very HI tech level to solve any kind of prroblems, im very happy beeing part of this supreb comunity.

Merry Christmas 2 all and a great New 2006 Year!

Henning

joe5

Glad i could help you. And best wishes to you too.

Marked as fixed.

ladygreenwitch

:hello2: Yay!!! Great job Oender. Glad we could be of service, and of course, Joe ROCKS!!!

Have a super Holiday. See you in the forums, and don't forget to recommend us to your friends and family.

TTFN

LGW