Unknown Problem With Winlogon.exe

Re: I was told to post here before returning elsewhere...

Notice the entry for the C:\WINDOWS\System32\syscfg32.exe file I had you looking for awhile back.
O23 - Service: Configuration Loader - Unknown - C:\WINDOWS\System32\syscfg32.exe (file missing)

Use HijackThis to fix the above line.

Do you know what this ServiceChat2.exe program is?
O23 - Service: SecureNetworkChatService - SecureAction Research, LLC. - C:\Program Files\Secure Network Chat\ServiceChat2.exe

Please download the following tool: Pocket KillBox

Run Pocket Killbox and choose the Delete on Reboot option. Navigate to
C:\WINDOWS\system32\ycirkk.exe
and press the Delete button (red X) and then Yes or OK until your machine reboots.

After your machine reboots, use Windows Explorer to navigate to C:\WINDOWS\system32 and make sure the ycirkk.exe file is gone.

Let me know if this works.

 

Re: I was told to post here before returning elsewhere...

I had only asked:

"Do you know what this ServiceChat2.exe program is?" I was saying to delete it. Hopefully it is not something you need.

Open a command prompt window. Click Start, Run, and enter cmd and click OK
Now in the command prompt window enter the following commands each followed by the Enter key.

attrib -r -h -s C:\WINDOWS\system32\ycirkk.exe
notepad C:\WINDOWS\system32\ycirkk.exe

If the file is found it will come up in notepad looking like a bunch of jibberish. Hot CTRL-A to select all of the contents and hit the Delete to delete the contents. Now click File and Save (yes we are saving an empty file.

Now in the command prompt window enter the following and hit enter
attrib +r +h +s C:\WINDOWS\system32\ycirkk.exe

This file should now be Read Only, Hidden, and a System file. Maybe this will prevent it from being recreated. Let me know if you are able to do all this without any error messages and if it works.

Post a new HJT log!

 

Re: I was told to post here before returning elsewhere...

Well we finally got rid of that file. Your log is clean now. Any problems remaining?

You should follow the steps here to help avoid future problems: How to Protect yourself from malware!

 

Re: I was told to post here before returning elsewhere...

I have a question for you. Back in message number 47 you said,

How did the O1 lines finally get fixed? Did you goto the site I gave you in message #46 and run their procedure or was it due to deleting the file I told you to delete followed by running HJT version 1.99.

 

If you remove userinit.exe from your PC, you will no longer be able to boot and login. It is a valid and necessary Windows program. If it were not in system32 or if it had certain additional items after the comma, then there could possible be a problem.

So DK you better not delete C:\WINDOWS\system32\userinit.exe because if you do you are going to have problems and will need to boot into the Recovery Console to try to get your system to work again.

I hope you read this before you disconnect.

By the way, what did this have to do with Jdban's problem?

 

Re: I was told to post here before returning elsewhere...

You more than likely need to reinstall your drivers. I'm surprised that the hardware is not detected by Windows. You do have the Nvidia service running which is good:

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

Yes Giant has been acquired by MS. They see that there is a huge marked in the spyware world due to all the idiots creating malware.

Read my other message again. Userinit.exe located in the correct directory and when it is not followed by a comma and certain other programs, is not a problem. However this variable UserInit = is quite often not set to C:\WINDOWS\system32\userinit.exe
That is when problems are real obvious. Like when it gets set to C:\WINDOWS\system32\waupdater.exe (a well known big time problem especiailly if not fixed correctly).

I think you may have misread what Giant stated.

If you are having problems, you should begin your own thread for them.

 

That could be due to many reasons. Noisy phone line. Bad connection to you ISP's modems. Incorrect provisioning which mismatch you to your ISP. These are not normally problems caused but malware. It is normally a hardware or configuation issue (or as I said a noisy phone line). Look at your documentation and try resetting to factory defaults. Also could try installing new drivers if any are available.

You may have more luck asking some questions in the Hardware or Software Forum (try Hardware first). Sorry but we need to stay on track in this forum with Spyware/malware issues.

If you cannot get any help over in the other forums come back and I'll see what I can do.