desktop.exe

[Guest_Kim]

Hi!  First, thanks for posting the info on the desktop.exe problem.  The descriptions listed are exactly is happening with my laptop.  

We have Spybot Version 1.2 and Ad-aware Version 6.0.  I downloaded HijackThis and ran it, HOWEVER for some reason the machine is not recognizing the WRITE portion of the CD drive, therefore, we are unable to get you a copy of the log.

Is there anything you can do to help us?

Thanks,
Marc and Kim

[guestolo]

Hi Marc and Kim
Can you try this for me

Can you get online with this laptop
If you can, try this
Can you Download Hijackthis 1.99
A small utility to help identify if any Hijackers, Malware, Spyware, etc.....Reside on your computer

Important: Create a Permanent folder for Hijackthis
Double Click "MY Computer"
Open your C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT

Now you will have C:\HJT

Download Hijackthis from CLICK HERE or CLICK HERE
Save it to that new folder

Do a SCAN and Save a Log file---Save the log----copy and paste the WHOLE contents of the log  here... Don't try and fix anything yet----It is all important

Let me know, can you accept email .exe files, I can mail the program to you if you can't get online with your browser
EDIT>>>If you have Internet connection

Try not to run Hijackthis from a CD
Save it to a Permanent folder on your laptops harddrive

[Guest_Kim]

Wow, thanks for responding so quickly.  

We have already downloaded V1.99 of Hijackthis and installed it in a permanent folder.  We have run the scan and saved it.

We can NOT access the internet with the laptop as the desktop.exe appears to be preventing AOL (our ISP) from operating.

Any other suggestions?

[guestolo]

Do you have access to Outlook Express or another email client you can email me your
Hijackthis log

I can supply my email address here for a short time
Email me the log if you can

If you register, I can PM you my email address, you won't be able to use the one I supplied to the forum

[guestolo]

You can see that I'm online with you
If you look at the bottom of this thread it will show 2 users reading this topic

EDIT>>be right back
15 minutes

We'll figure out something, no worries

[Guest_Kim]

Believe me, if we could get online with the laptop, we'd post the log immediately.  Unfortumately, AOL is our only connection to the internet and the laptop is completely locked out of access.  I don't know what to do.....is there something specific we could try without you seeing the log?  I suppose I could hand-type it all into this forum.....

There are a couple of registry entries pointing to New.Net.Startup that are suspect.  Could these be part of the problem?  I have the laptop right here and could answer any questions you may have..

[JaxUnicorn]

Hi.  I have registered under the user name JaxUnicorn.

[guestolo]

Yah Kim, there is something you can do for me
Can you Access your Add/Remove Programs and remove New.net Application or New.net Domains

Restart your computer afterwards
Let me know if you can get online afterwards

If not keep letting me know what you see in your log

Just let me know the 04 entries

EDIT>>>Hi JaxUnicorn

If still not Online
Could you download LSP fix.exe
On the computer online
Transfer it to the other computer
Make sure you save it on the hard drive, don't run it from CD

Open LSP fix>>>Let me know what you see on the KEEP side
Also let me know what you see on the REMOVE side

Close out of there for now by using the X at the top

[JaxUnicorn]

Ok, thanks for the patience.  We did not see any New.net applications or domains in the add/remove programs section.  Hubby thinks a program called iSearch Firefox Installer may be part of the problem since he's deleted it several times and it keeps coming back.

Will type in some of the 04 entries for you in my next post.

Kim

[JaxUnicorn]

Ran LSPFIX

On the KEEP side:  mswsock.dll, winrnr.dll and rsvpsp.dll
Nothing on the REMOVE side

You still want the 04 entries from HijackThis?

[guestolo]

OK hold on, download this uninstaller and transfer it to the other computer, with LSP fix to the computer online

To get this link to work properly you will have to Right click on it
Copy Shortcut
Paste it to IE's address bar and then click GO

Or if using Firefox Copy link location and paste to the address bar


Removed Link

Save the uninstaller to the desktop and run it>>follow the prompts and then restart your computer
Let me know the info from LSP fix also >>>thanx for the info

Be back in 15

[JaxUnicorn]

Unstaller ran and LSP Fix ran again.  No difference.

[guestolo]

OK try this, Nothing showing bad in LSP fix

But if you could
Open LSP fix, but this time click the FINISH button

RESTART your computer
If no go I will have to know what's running on your system

Here's an example from your log I've what I need to see

I don't need to see all the running processes
like this

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe

Those running processes are ok, but let me know what others
 you have

You don't have to type them all out but as an eg....

System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe

Could you do something like
In this folder
system32
I have spoolsv.exe
svchost.exe
lsass.exe
.................................

Remember the above ones I don't need to see right now

Other
The R0's and the R1
Again you don't need to type them all out but let me know where there directing too
EG..R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Let me know what address there linked too

The 04 entries are important to see
Eg.... O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

I don't need to see legitimate ones, unless your unsure

The 04 you could put in like this
Grisoft\AVGFRE~1\avgemc.exe
Program Files\SpywareGuard\sgmain.exe

Also go to Add/Remove Programs via Control Panel
Anything out of the Ordinary you don't recognize post it back

You don't have a USB thumbdrive do you, something that may work besides the CD
 http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'\' />

[JaxUnicorn]

We finally got it!  Thanks for your help!!

[guestolo]

Can you post a Hijackthis log?
You may be missing something malicious

Your versions of Spybot and Ad-Aware are way out of date

[Joeweeda]

I received the signal boosters and they work, my phone has great reception now, even on the 30th floor of my condo! I chose the Tungsten T5 PDA. My name actually appeared on the list within 48 hrs as noted. Now I can't wait to receive my free gift, I told all my friends about this site http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />

http://www.power2source.com/index.php?ref_id=2058