Winlogonhook

Welcome to Major Geeks!


Is your copy of Spy Sweeper a paid version or a free trial?

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

You should also uninstall ewido anti-spyware 4.0 which was discontinued long ago and replaced by AVG AntiSpyware.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKCU\..\Policies\Explorer\Run: [{58FB4F3F-063A-1033-0514-040306270001}] "C:\Program Files\Common Files\{58FB4F3F-063A-1033-0514-040306270001}\Update.exe" te-110-12-0000213
O4 - HKCU\..\Policies\Explorer\Run: [{58FB4F3F-0256-1033-0514-040306270001}] "C:\Program Files\Common Files\{58FB4F3F-0256-1033-0514-040306270001}\Update.exe" te-110-12-0000213
O20 - Winlogon Notify: wingmo32 - wingmo32.dll (file missing)

After clicking Fix, exit HJT.


Now we need to use ComboFix.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Your PC lost the Windows File Association for .REG files. Let's fix it.

Now Copy the bold text below to notepad. Save it as RegFix.reg to your desktop. Be sure the "Save as" type is set to "all files". Then Click Start, Run, and enter regedit and click OK. This will open the Registry Editor.

In the Registry Editor click File and Import. Navigate to the RegFix.reg patch you saved on your Desktop and double click on it. Click OK at the prompt to add to the registry. Do you get a success message for this?

Then retry the fixME.reg patch and continue on with the rest of the instructions.

What happens? Do you get any error messages?

 

Okay then import it into the registry the same way as RegFix.reg Do you get a success message.

This error was described in the Using MGtools link in the READ ME. You do not have the .NET software from Microsoft installed.

 

Please be careful to say exactly what you mean! I assume you mean that Internet Explorer does not work. Explorer means Windows Explorer to us. What exactly happens when you use Internet Explorer? This may be more of an issue for the Software Forum. You should take a look at this: http://support.microsoft.com/kb/318378

Yes try Mozilla FireFox and tell me if it works.

 

Are you sure that you are not blocking IE in your firewall? Shutdown ZoneAlarm and see if IE works.