Online scan and winlogonhook

Discussion in 'Malware Help (A Specialist Will Reply)' started by littlebylittle, Apr 29, 2008.

  1. littlebylittle

    littlebylittle Private E-2

    Hi,

    PayPal did not pay on a purchase, PC behaving normally.

    Kaspersky reported 'winlogonhook'
    TMHousecalls - no win...
    Bitdefender - no win...

    TMHousecall (after recommended MajorGeek Clean up) nothing


    Frankly I'm at a loss ...

    Thank you
     


  2. abri

    abri MajorGeek

    Hi littlebylittle,
    Welcome to Major Geeks!


    Please attach the MGlogs.zip which you can find as a file directly under C:\

    Thanks.
    abri
     
  3. littlebylittle

    littlebylittle Private E-2

    Will do :)
     


  4. abri

    abri MajorGeek

    Hi littlebylittle,

    Your MGlogs.zip is incomplete. It should contain a set of 4 or 5 logs, but yours only contains one. One reason for this is that you may not have let the scan run to completion. Please go to Windows Explorer and look for the MGTools folder under C:\

    Open the folder and find GetLogs.bat
    Run this by double-clicking on it. When it's finished it will say something like hit any key to close the window.

    Then come back here and post a brief hello, go then to Manage Attachments and look for the new MGlogs.zip which will be located as a file (not a folder) directly under C:\

    Upload it here and remember to click on Submit Reply.
    Thanks
    abri
     
  5. littlebylittle

    littlebylittle Private E-2

    Hi,
    Hope this is right.
    Thank you
     


  6. abri

    abri MajorGeek

    Hi littlebylittle,

    1) Go to add/remove programs and uninstall the below:

    - Java 2 Runtime Environment, SE v1.4.2

    2) Reboot after uninstalling the above.

    3) Install the current version of Sun Java from: Sun Java Runtime Environment

    4) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    5) Run C:\MGtools\analyse.exe by double-clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines, but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - Startup: PowerReg Scheduler V3.exe
    O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)

    After you click fix, just close hijackthis.


    6) Download and install Erunt. Use it to create a backup of your registry.

    7) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    8) Now run CCleaner at the default setting with the Windows tab as the top one.

    9) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip and let me know if you got a success message when you ran the registry patch?


    Let me know how things are running now?

    abri
     
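The "O20 - Winlogon Notify" line in the instructions above refers to a DLL registered under the Winlogon\Notify key, which winlogon.exe loads at logon; a registration whose DLL no longer exists is an orphaned hook. The following PowerShell audit is an added example (not part of abri's instructions or of any MajorGeeks tool) that lists those registrations and flags missing, relocated, or unsigned DLLs; it assumes Windows XP/2003, where this key exists, and the standard `Get-AuthenticodeSignature` cmdlet.

```powershell
# Added example: audit Winlogon Notify registrations (HijackThis "O20" entries).
# Each subkey of this path names a DLL that winlogon.exe loads at logon on XP/2003.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$system32  = Join-Path $env:SystemRoot 'System32'

if (-not (Test-Path $notifyKey)) {
    Write-Output "No Winlogon\Notify key found (expected on Vista and later, which dropped this mechanism)."
    return
}

Get-ChildItem $notifyKey | ForEach-Object {
    $sub = $_
    $dll = (Get-ItemProperty -Path $sub.PSPath -Name DLLName -ErrorAction SilentlyContinue).DLLName
    if (-not $dll) {
        [pscustomobject]@{ Entry = $sub.PSChildName; Dll = $null; Status = 'no DLLName value' }
        return   # inside ForEach-Object this skips to the next subkey
    }

    # A bare file name (e.g. winrge32.dll) is resolved against System32, as the loader does.
    $path = if ([System.IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $system32 $dll }

    $status = if (-not (Test-Path $path)) {
        'FILE MISSING (orphaned hook, matches the "(file missing)" HijackThis marker)'
    } elseif (-not $path.StartsWith($system32, 'OrdinalIgnoreCase')) {
        'DLL outside System32 (unusual for a logon notification package)'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -eq 'Valid') { "signed by $($sig.SignerCertificate.Subject)" }
        else { "unsigned or invalid signature ($($sig.Status))" }
    }

    [pscustomobject]@{ Entry = $sub.PSChildName; Dll = $path; Status = $status }
} | Format-Table -AutoSize
```

Entries that report a missing or unsigned DLL are candidates for review, not automatic removal; compare them against the HijackThis log before acting.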
  7. littlebylittle

    littlebylittle Private E-2

    Hi Abri,
    "...success message when you ran the registry patch?"
    Yes.

    "Let me know how things are running now?"
    Performance is faster.
    Some file types are grayed out...
    hpothbo7.tif
    Thumbs.db
    Desktop.ini

    Is this normal? Should I leave these alone?

    Also, when running 'Disable/Remove Windows Messenger' the hide button for OE was checked when I chose to 'remove'. I don't use this email program. Is there a way to delete OE, and/or should I re-run 'Disable/Remove Windows Messenger' and uncheck that 'hide...'?

    Thank you
     


  8. abri

    abri MajorGeek

    Hi littlebylittle,

    The file types you indicate showing as grayed out are files which do not normally show up at all, because the default setting in Windows Explorer is to hide certain file types. If you want these to be re-hidden, go to Windows Explorer > Tools > Folder Options > View and tick Do not show hidden files and also tick Hide Protected Operating System Files. If you want access to these files, then you have to change the access permissions in the properties window for the files. This is not necessary unless you need it and can cause unnecessary risk in your computer.

    Windows Messenger and OE are both part of Windows. Since there are programs included with Windows which people don't use, an extra button has been included in the add/remove programs window called Add/Remove Windows Components. When you click on this button, it will take you to a list of programs where you can uncheck those you don't use and they will go into an inactive state on your computer. If you change your mind and want to use them, you can get them back the opposite way, by putting a checkmark next to them.

    Windows Messenger has been included with most recent versions of Windows and it was originally designed to have a confusingly similar name to other Microsoft messengers, including having the same icon. It's an in-house messenger which was created to be used by home networks. Very few people use this and it is an entry point for malware, which is why we ask that it be removed using the removal tool. The easiest way to get rid of OE is to go to the button in Add/Remove Programs described above, where you will find a number of programs which can be unchecked from your system. I'm not sure, when you do this, if you are doing anything different than what you've done by leaving the hide button checked for OE in the Windows Messenger Removal tool. I'll try to find this out.

    Your logs are clean. We did remove one malware file. If you're having some further indication of malware, please let me know before you continue with these instructions:
     
  9. littlebylittle

    littlebylittle Private E-2

    Hi Abri,

    "Let us know how things went!"

    PC seems to be behaving normally, but it was normal before ("...10 types of people..."). Strange, because apparently I did indeed have malware, truly insidious. Makes a body want to go Mac.

    By the way, there was no 'Hijackthis' in Add/Remove

    <stands up and applauds>
    Abri and all the wonderful folks at MajorGeeks.

    Finally, y'all will be getting very busy (as if not already...lol) soon because littlebylitte is spreading the word.

    Thank you Abri

    Thank you MajorGeeks for your foresight in creating this wonderful site.
     
  10. littlebylittle

    littlebylittle Private E-2

    Hello Abri,

    Forgive my rudeness, do you accept payment or tips? Perhaps there is a charity that I may donate to, in your name?

    Thank you
     
  11. abri

    abri MajorGeek

    Hi littlebylittle,

    Thanks for passing on the good word about the site. Any way your money goes towards making the world a more kind and rational place would be a form of payment I could appreciate. Thank you. :)

    All the best to you.
    abri
     
  12. littlebylittle

    littlebylittle Private E-2

    Hi Abri,

    What a wonderful person you are.

    A donation to a local animal shelter has been made in your name and MajorGeeks.

    Again, my thanks.
     
  13. abri

    abri MajorGeek

    Thanks!
    That made me smile :)
    abri
     
