Windows auto update freezes pc so can't complete procedures to eliminate adware

Welcome to Major Geeks!

You need to follow the directions in the READ & RUN ME and attach the 6 requested logs. Even if you need to get them from safe mode, it is still better than no logs. We do not consider the READ & RUN ME completed unless the logs are attached as requested.

 

My last message said

And there are 6 logs requested. HJT is the last of them.

 

Re: HJT Log

There should be 6 logs! Thus I assume you mean the two online scanners did not work. Did you get an error message?

Thus far I see no major malware issues. Just a few steps from the READ ME that were not followed.

Viewpoint Media Player should have been uninstall in step 0!

You skipped or did not perform step 2 properly.

And then in step 6 you did not uninstall the below old Sun Java versions:
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_04

You can also uninstall CounterSpy now since we are finish with it. Then delete the below two folders which the uninstall may leave behind.
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

 

Re: HJT Log

You did not rename HijackThis.exe as is required. Not doing so will allow some forms of malware to totally hide.

I see a bunch of Norton/Symantec Services in your GetRunKey log. It appears that MSConfig is trying to control them. My question is why are they even there? You don't appear to have any Norton software installed. Did you have it installed at some point? Did you have some items disabled using MSconfig while you uninstalled it? That is another reason we recommend to not use MSconfig. It will cause uninstalls to be incomplete if the uninstall is performed while MSconfig is disabling services or startups.

 

Okay after following my other directions and addressing all questions. Continue with the below.

Make sure viewing of hidden files is enabled per step 2 of the READ ME!!

Did you install and do you use the Stumble&Upon toolbar?

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - (no file)
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now reboot in normal mode if possible! If not, use safe mode again!
Now run Ccleaner
Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

Re: 05-12-2007 Today's remaining 3 logs

Did you complete the steps I gave you in all messages up to message number 12? It does not look like it. If not, please do so and then attach the logs requested in message # 12.

 

You still have not followed all of my instructions!

From step 2 of the READ ME, you stil have file extensions hidden.

You did not do what I gave you in message # 9 yet.

It also appears that you did not apply the fixMe.reg patch from message # 12. Did you do this? Did you get a success message or did you get an error message.

 

Re: Re #17

Run the fixMe.reg patch right now by double clicking on it and tell me everything that happens.

 

Okay then attach new logs from GetRunKey and HJT now.

 

Did you change the settings that were requested in step 2 of the READ ME? Your log now shows that things are all set incorrectly!

Your HJT log is from Safe Mode. You must be in normal boot mode. Maybe that is why you do not have the settings of step 2 from the READ ME anymore. I bet when you logged into safe mode that you did not use the same user account as in normal boot mode.

 

Were all the logs from safe mode?

And were they from a different user account than in normal boot mode??

 

That't not what I asked!

 

Still not what I asked! Are they from the same user account when in safe mode as in normal mode?

 

Then you are not fixing the account that we are trying to fix!!!!

Thus when you boot back into normal mode, and attach the same logs that I will still need. I will probably see that nothing had been fixed. Also this explains the reason for me saying the settings from step 2 of the READ ME are no longer correct. You never did them on the Administrator account name. You did them on a different account.

If the user account truly is an administrator account, then it will it appear in safe mode. The only accounts that appear in safe boot mode are the built-in account named Administrator and any accounts that you have created with administrator priviledges.

Attach logs from the problem account, in normal boot mode!

 

Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


Read all of the below before doing anything. I going to have you import the below registry patch into the registry in a different manner than the last time you did this. Also this is a different patch. You can overwrite the previous file with the same name on your Desktop.
Now Copy the bold text below to notepad. Save it as fixME.reg. Be sure the "Save as" type is set to "all files".

• Now open a command prompt Window by clicking Start, Run, and enter regedit and click OK. This should open up the Windows Registry editor
• Click File, Import.
• Then navigate to the fixME.reg file on your Desktop and double click on it to import it.
• You should be asked if you want to add it to the registry. Say yes!!
• You should receive a success message when it finishes! You must tell me if you get a success message or not!

Now delete the below file:
C:\1112.tmp

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

None of the items we just fixed have anything to do with bootup! Is this a new problem or were you having boot problems before.

Do you mean it will not boot at all? Or do you mean this user cannot login?

Does it boot in safe mode?

How far into the procedure did you get?


Also you did not answer my question as requested!!!!!!

 

This is not a malware problem and it has nothing to do with what we have been doing.

If you used your restore disk to return to factory defaults, then you should be back to the way your system was shipped. Thus anything that we did is totally gone anyway. Thus it sounds more like you are having a Hardware problem. Perhaps your monitor or your video card is the problem.

 

I cannot say for sure what you receive but yes email attachments can be malware!

 

Well than it does sound like a defective monitor. You would probably be okay if you just connected another monitor to the problem PC as long as its graphic card are not the root cause of your problems. How old are this PC and also the monitor. What graphics resolution mode and refresh rates were you using and was it compatible with your monitor?

 

Are you saying you got a new PC. No Microsoft is not causing this problem.

You're welcome.