winlogonupdate.EXE

hi, i am new here.
just wanna know if winlogonupdate.EXE is a legitimate program in my startup registry. the reason i ask is it is not recognised in my Tuneup Utilities startup manager as a trustworthy program. i also read somewhere that a .EXE, as opposed to a .exe is not to be trusted.
i have searched google for an answer, but not much luck on that front. another problem is when i run msconfig, i cannot see it on my list of startups. also, when online, just recently my browser has been freezing up for several seconds whilst scrolling or typing and even clicking links. do you think its related? or could it be a seperate problem. i have good spyware programs and run them frequently, but this thing is driving me mad!

if anyone can help me, i would be most grateful...

 

as not to confuse everyone, can i request this post be removed as its also been posted and dealt with at http://www.security-forums.com/forum/viewtopic.php?t=34259

thanks for the help you gave, and i know you will agree that removing this will be for the better.
thanks again jim

 

ok, problem fixed. if anyone else has the same problem here is a the fix.

Please boot into Safe Mode, go to HijackThis->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each. (Do not be concerned if they do not exist)

C:\WINDOWS\system32\winlogonupdate.EXE

*******************************************

While in Safe Mode, select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix.”

R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [Microsoft Windows Logon Updater] winlogonupdate.EXE
Did you install Party Poker? If not, then fix it.
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

*******************************************

Next, we're going on a file hunt.
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders' and deselect (uncheck) 'hide protected operating system files (recommended)'.

Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know. Folders and files with a tilde (~), means that there is a file/folder that starts with the six characters in front of the tilde, note that there may be spaces in the name.

Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\WINDOWS\system32\winlogonupdate.EXE <==file

If you have decided you do not want PartyPoker, the delete the folder
C:\Program Files\PartyPoker\ <==folder

*******************************************


Let's empty the temp files:

Download CCleaner and install it. (default location is best).
Select the Windows Tab, Run CCleaner, (click Run Cleaner (bottom right) then, when it finishes scanning click Exit.)
When you see "Complete" on the top line, it's done. It's very fast.

I recommend that you DO NOT run anything under the Issues button and the Applications Tab. Uncheck everything under the Applications tab.

*******************************************


Finally, reboot to the Normal Mode and post a new Hijackthis log, and tell me how your computer is running.
_________________
Well, he seemed so low that I couldn't say no; then he says with a sort of moan
It's the cursed cold, and it's got right hold till I'm chilled clean through to the bone.