Still need help... I think

Welcome to Major Geeks!

Please note that the READ & RUN ME does not ask you to attach a HijackThis log. The reason for this is the MGtools already gets one automatically and puts it into the MGlogs.zip file. This was explained on the download page.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - C:\WINDOWS\system32\iifgeeb.dll
O2 - BHO: (no name) - {165717F9-F772-4122-88AC-12A9B946AC1C} - (no file)
O2 - BHO: (no name) - {B308FAE2-7D98-490E-B7BD-D079D7B2431D} - (no file)
O2 - BHO: (no name) - {DED0B266-CFDA-412A-ADC0-B8777C1A846D} - (no file)
O2 - BHO: (no name) - {FFB3DBF1-0397-4FEC-A99B-E3C2C39BDCDD} - (no file)
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O20 - Winlogon Notify: iifgeeb - C:\WINDOWS\SYSTEM32\iifgeeb.dll
O20 - Winlogon Notify: rmkrjyyi - rmkrjyyi.dll (file missing)

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

 

That's okay! We don't need the processDLL.exe log anyway for your problems.

There are many reasons for problems with Windows Updates. Most of them are not malware related. When we finish everything with malware, you can head to the Software Forum for this problem if it still occurs.

You logs appear to be in good shape now; however I question.

Somethng shows in your runkeys.txt log under the Haxdoor area but it is not Haxdoor. The trouble is that the service name is a little strange; but that does not mean it is bad. It just means I have never seen it and don't recognize it. Do you know what the below could be for?

 

If your PC is running okay, I would leave it alone for now.

So how are things working?


skytel.exe is for your Realtek sound card. It is the Realtek Voice Manager used by some of their audio chipsets.