winini.exe do i need to, and if so how do i get rid of this

Welcome to MG's.

Please complete the remaining step of the READ & RUN ME and attach the BitDefender log (if it shows anything) and also complete step 7 and attach the HijackThis log.

 

You have not installed HijackThis properly per step 7 of the READ ME but right now it does not matter since there is no real malware showing in your log.

I also see no signs of any winini.exe process running. Where are you seeing this?

 

What items were you previously not loading?

And define in greater detail what you mean by "chaos"?

What is the below process for? Is this some junk from your ISP?
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay

Also is the below something you added for your ISP?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy/:8080

Do you use the Viewpoint and Real Player programs?

Have you tried booting in safe mode and deleting the the winini.exe file? Make sure it is not Read Only.

 

I only mentioned two things. One of them was SSRunScript.exe. So is it part of your ISP or not? I would think so. You should ask them if those lines are actually needed.

 

I don't know what it is! It looks like it is used by your ISP to run a script after startup of your PC to verify your connection. I'm not sure why they always need to do this everytime you boot your PC but I guess that is the way they work.

What's the story with winini.exe ? Did you find it and delete it in safe mode or not?

 

Please download GetRunKey125b.zip to your PC someplace you can locate it. Then extract the files from the ZIP. Locate the getrunkey125b.bat file and double click on it to run it. It will create a file named runkeys.txt in the root of drive C: (C:\runkeys.txt) . This log will also popup in a notepad window which your can just close. Upload the runkeys.txt file here as an attachment.

These scan will only take a few second to run. It will take longer for you to attach than it does to run.

 

Question: Is this PC on a network with other computers? If so, you better run all cleaning procedures on all of them.

 

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Now Download
- Pocket Killbox

Now run Pocket Killbox and extract it to its own folder. Then run killbox.exe.

Now highlight the lines below and press the Ctrl key and the C key (CTRL-C) at the same time to copy them to the clipboard:

C:\WINDOWS\winini.exe
C:\WINDOWS\System32\winini.exe

Now go to the Killbox application and click on the File menu and then select the Paste from Clipboard menu item. In the Full Path of File to Delete box you should see the first file. If you click the dropdown arrow by this box you should see the other file. Make sure that they are both there.

Click on the Delete on Reboot option and then click on the red circle with a white 'X' in to to delete the files. Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES. If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Your system will reboot now.

After reboot attach a new HJT log and also tell me whether you still see the winini.exe file. If so, where do you see it.

 

No! Just complete the steps! And let me know the end result.

 

But you did not tell me the end result! What about the winini.exe file?

 

Okay! If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

You're welcome. Surf safely.

 

In only 15 days????

Not sure what's up! But yes it would be best to start over.

Did you install Firefox and are you using it? If not, try it and tell me how web pages load.

 

Just run with what you have and if you cannot do the online scans make sure you tell me.

 

As I said in msg # 29, just run with what you got and attach all logs that you can get to run.

 

There really is not too much showing in your logs but you can do the below.


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
And if you do not know what the below is for add it to the fix list too.
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://210.134.20.21/kxhcm10.ocx
After clicking Fix, exit HJT.

You may want to try using another browser like FireFox from the How to protect thread and see if it works any better.

 

So is everything working okay now?

What version of FireFox are your running?

 

That's the reason you need to click on the links we give in our procedures. You cannot assume you have the correct version. FireFox is on 1.5.0.1 ! You need to update. If you are so far off with this, it make me wonder whether your other tools are really current.

Get this: Mozilla FireFox

You should have follow all the steps in the How to protect thread and click on all the links to check them out!!!!

 

LOL! Yep!

Are you still having problems?

 

Perhaps you just do not have things setup properly thru ZoneAlarm. It will not matter what firewall you have if you do not set things up properly for all your applications. Actually I prefer ZoneAlarm and it is really one of the easier to setup and configure. Many things are auto configured for you. Others are not so automatic.

You could try one of the others in the How to Protect yourself from malware! thread! Personally I would use Sygate anymore since it is no longer supported and it can be a pain setting it up correctly. ZA is still the easiest. Are you using the free version? Maybe you should just uninstall ZA, reboot, download the latest version and reinstall ZA.