IE Slow to open and Windows Updates are not loading

Discussion in 'Malware Help (A Specialist Will Reply)' started by DarthIbis, Oct 21, 2007.

  1. DarthIbis

    DarthIbis Private E-2

    I'm having a couple problems and I don't know if they are related or not.

    The first thing I noticed is that IE takes about 5 minutes to execute the program. Once it opens, it appears to run normally but if you open a new tab or window, it repeats the 5 minute wait.

    Firefox seems to be running just fine, so I don't think it's my connection.

    The other thing is that I have a Windows Update that won't load. It's trying to load Microsoft Windows Installer 3.1. Once it fails it lists two Security Updates.
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB938127)
    They are showing Error Code: 0x8007F0F4

    I have run through all the cleaning steps listed here and I can't seem to isolate the problem.
    These are the scans/cleaners I have used other than my AV which is TrendMicro PCcillin ver 12.
    CCleaner
    Spybot S&D
    CounterSpy
    Bitdefender
    Panda Active
    Getrunkey
    Shownew
    HijackThis

    Please Help!
     

    Attached Files:

  2. DarthIbis

    DarthIbis Private E-2

    More logs
     

    Attached Files:

  3. abri

    abri MajorGeek

    Hi DarthIbis!
    Welcome to Major Geeks!

    Did you get a log for Counterspy? Did it find anything? Did you have it fix what it found? Please post that log and do the following while we look at your other logs.

    1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    2) Now scan with HijackThis and check the boxes for the following entries. I'll give you two sets. One to fix and one to think about fixing if they are things that you didn't put there.( Make sure ALL browser windows are closed when you click FIX )
    Again, make sure ALL browser windows are closed when you click FIX.

    abri
     
  4. DarthIbis

    DarthIbis Private E-2

    Hi Abri,
    Sorry, I forgot to get the CounterSpy log. Here it is.

    I ran the Disable Windows Messenger application and cleared the five files from HJT (Not sure what those 'dog' sites are.) I have attached the updated log from that as well.
     

    Attached Files:

  5. abri

    abri MajorGeek

    Hi DarthIbis!
    interesting name ... :)

    Did you install the URL manager? What does it do? Also, did the problem with IE being slow to load begin after a recent installation of some piece of software? Plugins? Add-ons? Did it come about slowly or did it start quite suddenly? Before we go any further with instructions, could you go back to a restore point where you remember things working normally? Have you tried this already? If not, please try it now. After that, we can go back and pick up the other things that still need doing.

    abri
     
  6. DarthIbis

    DarthIbis Private E-2

    I don't remember installing any URL manager. I'm not sure what the point of something like that would be. I usually keep URL information in bookmarks and try not to bog down any of it with too much stuff. The only thing I can remember installing like that is IE Spell, Google Toolbar and I also have that Desktop Weather application from Weather Channel. Unless it has something to do with Aventail (which I use for a network connection with work.)

    The problem seemed like something that suddenly appeared. I don't remember installing anything specific but since its onset, I have tried to reinstall Windows, and I also had to reinstall PCCillin because it wasn't working. I was using v14 (which was a resource hog) and when I removed it, I went back to v12. I also had to reinstall the Logitech drivers and HP drivers because those flaked out on me as well. I noticed that IE will behave normally in Safe Mode (except for it being in safe mode) because apparently whatever was bogging it down wasn't loading.

    Nothing I have tried as of yet will allow me to get the Windows Updates to work though.

    I'm not sure if I am able to do a restore. Is there a way I can check to see what I have saved? What will that wipe out in the way of data? I was obviously trying to avoid the nuclear option if possible.

    Thanks, I have found it to be both unique and descriptive on the internet, taking its roots from (obviously) Star Wars, of which I am a fan, and the mascot of my Alma Mater.
     
  7. abri

    abri MajorGeek

    Going back to an earlier restore point will uninstall any programs you've installed but leave all your data intact. Basically, it sets the registry back to what it was but leaves all your data as it is. You would lose your work downloading the drivers, but on the other hand, you might at the same time eliminate the need to redo the work. I will ask for a second opinion on this before any decision needs to be made.
    abri
     
  8. DarthIbis

    DarthIbis Private E-2

    I'm not exactly sure how I would go about that.
    I checked Accessories>System Tools>System Restore and it didn't have anything shown other than the last two days (Weird.) Is that where it would be or is it something else?
     
  9. abri

    abri MajorGeek

    Hi Darthibis!
    You will only have restore points back to the point where you redid Windows, and that was after your problems started. Although this won't help you in hindsight, I use restore a lot for problems that come up unexpectedly.

    Have you seen this website? I don't know that it specifically refers to your problem, but the error code is the same one you mentioned.
    See if that will help you. If it does, please post back to me before you continue with the following. If it's nothing helpful, please continue as follows:

    1) Please go to add/remove programs and uninstall the following:
    2) Then go to Windows Explorer and delete these folders if you find them:
     
  10. DarthIbis

    DarthIbis Private E-2

    No, my computer is not a portable or tablet. Just a regular Dell XPS600 Desktop, so it's always operating on AC and doesn't have a battery.

    I will perform the steps when I get home this evening.
     
  11. DarthIbis

    DarthIbis Private E-2

    1)
    Uninstalled all the Javas except 6 update 3
    Uninstalled CounterSpy and Trend Micro PCCillin
    Uninstalled Google Earth and Google Toolbar for IE
    Did not see "Google"
    Uninstalled URL Assistant and Virtual Earth 3D

    2)
    Deleted Viewpoint under /Jason
    Viewpoint is also under All Users. Did not delete.
    Deleted Sunbelt Software under All Users
    Did not see Sunbelt Software under Program Files

    3)
    (No step three.)

    4)
    Windows Messenger CEIP was already turned off in a previous step.

    5)
    Ran ATF Cleaner for IE and Firefox.

    Attaching Logs

    Okay...
    IE appears to be running at a "normal" speed now. It doesn't seem to be bogged down.
    But...
    It still won't load the Windows update and gives me the same result and error code... just doesn't take 10 minutes to do it now.

    I can't remember installing anything on 10/20 other than the programs from this site. The problems were around prior to that though.

    Here are some things I saw in newfiles1.log that look suspicious:
    I don't know... these may be nothing and there may be others in there. My eyes started to go cross-eyed as I went down the file.
     

    Attached Files:

  12. abri

    abri MajorGeek

    Hi Darthibis,
    Please try reinstalling your antivirus now and see if the ie-loading problem comes back. If it still loads without the delay, then please keep it running. If not, please uninstall it again and replace it with a free version like AVG or Avast for the time being.
    I'll get back to you about the rest.
    abri
     
  13. abri

    abri MajorGeek

    Hi Darthibis,

    Most of the programs you mentioned are legitimate. Please check the following three and tell me what's in them if you don't recognize them. (Don't open any of the files, just look in the folder.) The WinBudget is adware and needs to be removed. Wise Installation Wizard is a general application. It matters only what's in it. You can check that one too.
    Did you install any of the following? If not, I will show you how to remove them along with WinBudget. If you don't use the Weather Channel, that can also be removed.

    ArmyBuilderEX
    SportsLine USA, Inc
    MEDB.mdb

    Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days.

    "C:\Documents and Settings\All Users\Start Menu\"
    desktop.ini Oct 5 2007 294 "desktop.ini"
    hpdire~1.lnk Oct 14 2007 814 "HP Director.lnk" - Hewlett Packard
    micros~1.lnk Oct 19 2007 1576 "Microsoft Update.lnk" - these 4 are all Microsoft
    setpro~1.lnk Oct 5 2007 1617 "Set Program Access and Defaults.lnk"
    window~1.lnk Oct 5 2007 1517 "Windows Update.lnk"
    window~2.lnk Oct 5 2007 398 "Windows Catalog.lnk"

    Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days.

    "C:\Documents and Settings\All Users\Application Data\"
    desktop.ini Oct 5 2007 62 "desktop.ini" - the layout of your desktop
    hpzins~1.log Oct 14 2007 7538 "hpzinstall.log" - Hewlett Packard
    LAVASOFT Oct 16 2007 "Lavasoft" - AdAware
    qtsban~1 Sep 9 2007 1343 "QTSBandwidthCache" - QuickTime
    SECTAS~1 Oct 6 2007 "SecTaskMan" - Security Task Manager
    svclog.log Oct 23 2007 7310 "Svclog.log" - Windows

    Locating all files created in C:\Program Files\ within the last 90 days.

    "C:\Program Files\"
    CCLEANER Oct 14 2007 "CCleaner" - one of our recommended tools for keeping your computer clean
    HIJACK~1 Oct 21 2007 "HijackThis" - one of your scanning tools
    JARMYT~1 Sep 12 2007 "jArmyTool" - might belong to ArmyBuilderEX?
    LAVASOFT Oct 16 2007 "Lavasoft" - AdAware
    SECURI~1 Oct 6 2007 "Security Task Manager" - Hewlett Packard
    THEWEA~1 Oct 4 2007 "The Weather Channel FW" - safe weather program
    WIE5D0~1 Oct 17 2007 "Windows Live Safety Center" - part of Windows
    WINBUD~1 Oct 23 2007 "WinBudget" - adware
    YAHOO! Oct 14 2007 "Yahoo!" - some feature of Yahoo

    Locating all files created in C:\Program Files\Common Files\ within the last 90 days.

    "C:\Program Files\Common Files\"
    WISEIN~1 Oct 10 2007 "Wise Installation Wizard" - what's in this?
     
  14. DarthIbis

    DarthIbis Private E-2

    Okay,
    I reinstalled PCCillin and it seems to be operating normally with no adverse effects to IE. Windows Update failures are unchanged.

    ArmyBuilder and SportsLine should both be legitimate.
    I like to have the weather desktop, but I uninstalled it until this is working again. (It's not harmful, is it?)
    I'm not sure what MEDB is. I opened it up in text only and it looks like it just has music/audio files listed. Could it be just a database of one of these media players like Windows Media, VCast or Quicktime?

    jArmyTool was something I installed, but I probably don't need it.
    I don't know what Wise Installation Wizard is.

    There may be more, but those were a couple of things (like Winbudget) that didn't look right. I'm never sure about the Microsoft stuff anyway.
     
  15. abri

    abri MajorGeek

    Hi Darthibis!

    Some of the things we've done in previous steps didn't seem to work or to stay. I'm not sure why. Please do the steps below and then post back the requested logs. I will have you reset your IE web settings.

    1) Winbudget needs to be uninstalled. If it's not in add/remove programs, simply delete the contents of the folder and then delete the folder.

    2) What is in this folder? (do not open any files) C:\WINDOWS\system32\bak

    3) The Windows Messenger (not to be confused with MSN Messenger!!) is still showing as active. Please try running this tool to get it off your computer: Disable/Remove Windows Messenger

    4) You mentioned that you'd already turned off the CEIP in Windows Live Messenger, but your newfiles.txt log shows that you are still getting all the sqm files.

    5) The following items need to be fixed with HijackThis. I don't know why the whataboutadog came back but we have to find out why it's coming back. Something's putting it there and it's a known bad entry.

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    6) Next Reset Web Settings & Default Security Settings

    For IE 6 users:
    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites. For IE 7 users, simply click the "Reset all zones to default level" button.

    For IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.


    7) Please run ATF Cleaner:

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    8) After you have completed ALL of the above in the correct order, please attach the following logs. Please tell me if installing any of the above had any effect on your problems. Also, if you can remember, please tell me what was installed on October 20th (Saturday). Was it only our programs or something else?
    • ShowNew Log
    • GetRunKey Log
    • HijackThis Log


    abri
     
  16. DarthIbis

    DarthIbis Private E-2

    Done. There were only three files in a 'bin' folder. They're all gone from Program Files now.
    ctfmon.exe is the only thing in that folder.
    I already ran it to disable... It wouldn't open from the start menu when I tried. I went ahead and ran messengerdisable again and uninstalled it this time.
    The option is grayed-out in the toolbar. Perhaps I should uninstall it completely for now?
    Alltel AKA Windstream is my telephone company and ISP. I would think that was part of the DSL installation.
    Ran Fix for the other entry.
    Done. Did the global reset for IE.

    Done. Ran for both IE and Firefox.
    Logs are attached to next post.
     
    Last edited: Oct 25, 2007
  17. DarthIbis

    DarthIbis Private E-2

    Here's the logs.
     

    Attached Files:

  18. DarthIbis

    DarthIbis Private E-2

    I tried to clean up from Add/Remove as well, but I saw some things that I wasn't sure about.

    There are four entries for Microsoft .NET: Framework 1.1, Framework 1.1 Hotfix (KB928366), Framework 2.0, and Security Update for Framework 2.0 (KB928365).
    Do any of these overlap or do I need to remove the older and/or obsolete ones like the Java apps?

    There is an entry for MS Visual C++, but I don't remember installing it unless it came with office or something? Is there some way we can check it?

    Uniblue Registry Booster.
    I believe that I installed it, but it was possibly foolish since I know some of those programs are better than others. Should I uninstall it?

    WexTech AnswerWorks.
    Not really sure what this is.
     
  19. DarthIbis

    DarthIbis Private E-2

    My PCCillin just ran a security check scan and flagged the following MS Bulletins:
     
  20. DarthIbis

    DarthIbis Private E-2

    Okay,
    I started manually running the security updates listed prior. I think I'm about half way through the list. I also did a manual install of the Windows 3.1 installer. It seemed to work, as now Win Update will actually tell me all the updates I need, but it still isn't installing them, so I've been doing them manually.

    I'll try to finish the rest tomorrow. I think I've rebooted at least 30 times tonight.
     
  21. abri

    abri MajorGeek

    Were you booting between each update? If so, it shouldn't be necessary to reboot for most of them. Also, are you having to install them one at a time? Or do you get a list where you can check off a bunch at once?
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need all of these or you will not be able to run programs that require .NET or Visual C++ Runtimes to work and there are thousands of such programs.

    If you did not buy it, uninstall it.

    It probably was installed on your PC when you bought it. See: http://www.vantagelinguistics.com/answerworks
     
  23. DarthIbis

    DarthIbis Private E-2

    Okay, I removed Registry Booster and left everything else alone.
    When I tried to do the automatic update, I got the same result with the error. I was downloading each one individually, searching for them by the MS#, and running them. Some would ask to reboot and others would not, so I was only rebooting after the ones that asked me to.

    Do you know if there's a faster way to install them en masse other than the automatic update? It will download all the ones it says I need, but then won't install them giving me an error.
     
  24. DarthIbis

    DarthIbis Private E-2

    Alright,
    I got all the updates loaded that were on the list. Still had to do them all manually, but hopefully once the gaps are filled in the security, we'll be able to see why IE isn't loading them properly.

    Anyway, Microsoft Windows Malicious Software Removal Tool scanned my drive and said out of 600k files, one was infected and it said it was
    Backdoor:Win32/Zonebac.gen!B
    It did not remove it however. It said to use an Anti-virus program to fix the problem.

    I did a complete scan again with PCCillin, and it didn't find anything.

    I see that there is a chance that this is what is preventing my updates or whatever it's doing.
    I'll run the three logs again and attach them to see what is different now.
     
  25. DarthIbis

    DarthIbis Private E-2

    Here are the logs.
     

    Attached Files:

  26. abri

    abri MajorGeek

    Hi Darthibis!
    1) Please go into your settings for Internet Explorer and see if you find *.whataboutadog.com in your list of trusted sites under the Security tab. If so, please remove it.

    2) Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )
    After clicking Fix, exit HJT.

    3) After that, please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.


    4) Please post a fresh HJT log.

    abri
     
  27. DarthIbis

    DarthIbis Private E-2

    -Removed whataboutadog from trusted sites in IE options.
    -Ran Fix for WinBudget in HJT. (whataboutadog wasn't there.)
    -Ran ATF for IE and Firefox.

    Here's the HJT log:
     

    Attached Files:

  28. abri

    abri MajorGeek

    Hi Darthibis!
    I wanted to ask you to run the following. Part of what the trojan that Windows Malicious Software Removal Tool found does is to take your legitimate files and move them to bak folders and replace them with its own files. I don't know if this will be the case with you, because although this backdoor trojan has been identified, your logs don't show the file that accompanies it. We'll try this. The last comment is important. Don't run any other options than the one listed here unless I ask you to.

    Please download FindAWF and save it to your desktop
    • Double-click FindAWF.exe to start the tool.
    • Select option #1 - Scan for bak folders by typing 1 and press 'Enter'
    • When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt here.
    **Do not run any other option unless directed to do so.**


    abri


     
  29. DarthIbis

    DarthIbis Private E-2

    Ran #1 for AWF. Here's the log.
     

    Attached Files:

    • awf.txt (8.5 KB)
  30. abri

    abri MajorGeek

    Hi Darthibis,
    I'm sorry that the time is getting away. Before I have you run this tool all the way through, I want to make sure there isn't a step which needs to be done manually. One of the viruses which produces .bak folders does so in order to hide legitimate files in them and then replaces the legitimate files in the original folders with bad files by the same name. If this is the case with your computer, then simply deleting the .bak folders will lead to the deletion of legitimate files and leave those behind which are bad. Until I've clarified this, I don't want to ask you to continue. I believe that this virus is the one that is behind your problems.
    I will get back to you as soon as possible.
    abri
     
  31. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Pre-Instructions:
    Please print out these instructions so that you can operate with All Browser Windows CLOSED.


    Step 1:
    Please download DelDomains and unzip it to your desktop. Do not run it yet.

    Physically disconnect from the internet by pulling the cable!

    • Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.
    Note: Since the Domains have to be removed, if you use Spyware Blaster, you must re-enable it. Also, Spybot's Immunize feature will have to be used again if you use this.

    Step 2:
    Next, run CCleaner to clean up junk files.


    Step 3:
    Next, we need to run FindAWF again.
    • Double-click the FindAWF icon.
      • If you receive any security alerts and/or warnings please allow the utility to run.
    • As instructed, press any key to continue.
    • Use the following option: Press 2 then Enter to restore files from bak folders
    • A text file opens called: files.txt
    • Click below the line and paste the following list of files to be restored:
    • Next, close and click Yes to save the changes.
    • Once files.txt is saved, FindAWF does the following:
      • It attempts to terminate the process represented by each filename on the list, if running
      • Deletes the rogue file from the parent folder, if present
      • Copies the original file to the parent folder
    • When done with the above, it automatically runs a new scan and opens a new log.
    • Please provide the new FindAWF log in your reply.

    Step 4:
    Next Reset Web Settings & Default Security Settings

    Note for IE 6 users:
    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites. For IE 7 users, simply click the "Reset all zones to default level" button.

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

    Step 5:
    After you have completed ALL of the above in the correct order, please attach the following logs.
    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
    • FindAWF Log
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
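    The "bak folder" pattern that abri and bjgarrick describe above (legitimate file moved into a bak subfolder, rogue file with the same name dropped in the parent) can be checked for without deleting anything. The script below is an added example for readers, not FindAWF or any tool from this thread; it builds a constructed sample tree mirroring the C:\WINDOWS\system32\bak case from this thread, walks it for bak subfolders, and flags any file whose same-named twin in the parent folder differs by SHA-256. The sample file contents and the tree layout are assumptions made for the demo.

```python
"""Detect the "bak folder" swap pattern discussed in this thread.

The malware described moves a legitimate file into a subfolder named "bak"
and leaves a different file with the same name in the original location.
This stand-alone example (not FindAWF) walks a tree, finds every "bak"
subfolder, and compares each file inside it with the same-named file in the
parent folder. A differing parent file is the suspicious case; nothing is
modified or deleted.
"""
import hashlib
import os
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional


@dataclass
class BakFinding:
    bak_file: Path                 # file sitting inside the bak folder
    parent_file: Optional[Path]    # same-named file in the parent, if any
    bak_sha256: str
    parent_sha256: Optional[str]

    @property
    def suspicious(self) -> bool:
        # A same-named file exists in the parent but its contents differ:
        # the "legit file moved to bak, replaced by rogue file" pattern.
        return self.parent_sha256 is not None and self.parent_sha256 != self.bak_sha256


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_for_bak_folders(root: Path, folder_name: str = "bak") -> List[BakFinding]:
    """Walk root and report every file inside a <folder_name> subfolder."""
    findings: List[BakFinding] = []
    for dirpath, dirnames, _ in os.walk(root):
        if folder_name not in dirnames:
            continue
        parent = Path(dirpath)
        bak_dir = parent / folder_name
        for entry in sorted(bak_dir.iterdir()):
            if not entry.is_file():
                continue
            twin = parent / entry.name
            has_twin = twin.is_file()
            findings.append(BakFinding(
                bak_file=entry,
                parent_file=twin if has_twin else None,
                bak_sha256=sha256_of(entry),
                parent_sha256=sha256_of(twin) if has_twin else None,
            ))
    return findings


def build_demo_tree(base: Path) -> Path:
    """Constructed sample tree (assumed contents) mirroring WINDOWS\\system32\\bak."""
    sys32 = base / "WINDOWS" / "system32"
    (sys32 / "bak").mkdir(parents=True)
    # ctfmon.exe: original in bak, a different file of the same name in the parent
    (sys32 / "bak" / "ctfmon.exe").write_bytes(b"ORIGINAL ctfmon (constructed)")
    (sys32 / "ctfmon.exe").write_bytes(b"ROGUE replacement (constructed)")
    # unrelated.dll: only in bak, no twin in the parent
    (sys32 / "bak" / "unrelated.dll").write_bytes(b"no twin in parent (constructed)")
    # same.dll: identical copies in bak and parent, a benign backup
    (sys32 / "bak" / "same.dll").write_bytes(b"identical copy (constructed)")
    (sys32 / "same.dll").write_bytes(b"identical copy (constructed)")
    return sys32


def report(findings: List[BakFinding]) -> List[str]:
    """One human-readable line per finding, with the suspicious ones marked."""
    lines = []
    for f in findings:
        if f.suspicious:
            status = "SUSPICIOUS: parent file differs from the bak copy"
        elif f.parent_file is None:
            status = "no same-named file in parent"
        else:
            status = "parent file identical to bak copy"
        lines.append(f"{f.bak_file}: {status}")
    return lines


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = build_demo_tree(Path(tmp))
        for line in report(scan_for_bak_folders(sys32.parent.parent)):
            print(line)
```

    On a real machine, point scan_for_bak_folders at the drive root instead of the demo tree and review the SUSPICIOUS lines by hand before restoring or deleting anything, for the reason abri gives in the post above.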
     
  32. DarthIbis

    DarthIbis Private E-2

    Okay guys,
    I ran everything as directed. Didn't seem to encounter any problems along the way.

    The first thing I did when I came back on was to go to Windows Update and try to run... same result as before.
    I suppose I could go through and d/l all this stuff manually, but there still appears to be a problem somewhere since none of these will load.
     

    Attached Files:

  33. DarthIbis

    DarthIbis Private E-2

    The other log file.
     

    Attached Files:

  34. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    DarthIbis,

    We have to remove your infections first, please do not do anything else until we get you clean. The more you do the harder it is for us to remove your infections. Also, please be patient with us as we are all volunteers, we come in when time permits.
     
  35. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    We need to run FindAWF once more.
    • Double-click the FindAWF icon.
      • If you receive any security alerts and/or warnings please allow the utility to run.
    • As instructed, press any key to continue.
    • Use the following option: Press 3 then Enter to remove bak folders
    • A text file opens called: folders.txt
    • Click below the line and paste the following list of folders to be removed:
    • Next, close and click Yes to save the changes.
    • Once folders.txt is saved, FindAWF does the following:
      • It deletes the contents of the bak folders
      • Removes the bak folders
    • When done with the above, it automatically runs a new scan and opens a new log.
    • Please provide the new FindAWF log in your reply.
     
  36. DarthIbis

    DarthIbis Private E-2

    Sorry if I was unclear. I had no intention of running anything else until we could get it fixed. I only went there to check the symptoms since you asked how things were running after the previous step. No complaints here about the speed of responses. I feel that we're getting close and you guys have been great.

    Ran AWF #3 as requested. Here's the log.
     

    Attached Files:

  37. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Something didn't go right, try the below once more. Also, be sure you shut down any antispy and antivirus programs so it won't affect anything we try to fix.

    We need to run FindAWF once more.
    • Double-click the FindAWF icon.
      • If you receive any security alerts and/or warnings please allow the utility to run.
    • As instructed, press any key to continue.
    • Use the following option: Press 3 then Enter to remove bak folders
    • A text file opens called: folders.txt
    • Click below the line and paste the following list of folders to be removed:
    • Next, close and click Yes to save the changes.
    • Once folders.txt is saved, FindAWF does the following:
      • It deletes the contents of the bak folders
      • Removes the bak folders
    • When done with the above, it automatically runs a new scan and opens a new log.
    • Please provide the new FindAWF log in your reply.
     
  38. DarthIbis

    DarthIbis Private E-2

    I disabled PCCillin and turned off the DSL before running #3 again.

    Here's the log, but I don't think it worked this time either.
    I wonder if those files/folders are somehow write-protected, you think?
     

    Attached Files:

  39. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    Once you have completed the above instructions, follow the below to attach a fresh log.

    • Please download FindAWF by noahdfear.
    • Save to your desktop.
    • Double-click the FindAWF icon.
      • If a Security Alert shows, allow the program to run.
    • As instructed, press any key to continue.
    • Use the following option: Press 1 then Enter to scan for bak folders
    • The scan may take a while, please be patient.
    • When done, a text file, Find AWF report is produced.
    • Please attach the Find AWF report in your next post.
     
  40. DarthIbis

    DarthIbis Private E-2

    Done. Here are the log files.

    On a side note, that Corel program was a 30-day demo version that came with the computer and has since expired and is pretty much useless. I guess we can nuke it if we have to since it's not really doing anything anyway.
     

    Attached Files:

  41. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, that looks a whole lot better. If you want to, uninstall that since you mentioned it's expired.

    Once uninstalled, reboot and attach fresh HijackThis, ShowNew & GetRunKey logs. I want to be sure all logs look good.
     
  42. DarthIbis

    DarthIbis Private E-2

    Alright,
    I uninstalled Corel.
    Here are the logs.
     

    Attached Files:

  43. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, have HJT fix the below entries...

    Second, we need to run Avenger once more just like you did before.
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    Once you have completed the above, run the below and attach one last log.
    • Double-click the FindAWF icon.
      • If a Security Alert shows, allow the program to run.
    • As instructed, press any key to continue.
    • Use the following option: Press 1 then Enter to scan for bak folders
    • The scan may take a while, please be patient.
    • When done, a text file, Find AWF report is produced.
    • Please attach the Find AWF report in your next post.
     
  44. DarthIbis

    DarthIbis Private E-2

    Done and done.
     

    Attached Files:

  45. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger, the log (avenger.txt) and C:\avenger.
    8. If we had you download any registry patches like fixme.reg, fixme1.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    10. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
  46. DarthIbis

    DarthIbis Private E-2

    The MS Windows Malicious Software Removal Tool scan came up clean this time, so it appears that one has been purged.

    Automatic updates are still not installing though. I don't know if this is a software issue or malware issue.

     
  47. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Everything looks good so it's more than likely a software issue. I would recommend posting in the Software Forum for this issue as your logs are now clean, which rules out malware.

    Good Luck!:)
     
  48. DarthIbis

    DarthIbis Private E-2

    Thanks, BJ. I will give that a try.

    All your help is much appreciated.
     
  49. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! :major
     
