All browsers crashing

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lindyhopkins, Dec 21, 2009.

  1. lindyhopkins

    lindyhopkins Private E-2

    Thanks to all who generously give up their time to help us with these problems!

    My browsers are continually freezing, crashing, often requiring me to completely reboot. I use Chrome, IE and Firefox and they all have the same problem. I have Windows XP.

    I have done all the Malware Removal steps and cleaning procedures. None of the tools seem to find anything. Sometimes running the tools helps the problem for a few days, but it returns. I ran all the tools a few days ago, though, and nothing changed. Browsers are continually stalling and crashing. Sometimes I can browse for a while, but eventually it freezes. Sites like Youtube or Hulu crash it automatically.

    I don't know if this is related, but I have a major typing delay on my computer as well.

    I have attached my logs. Not too advanced on the computer lingo, so try to take it easy on me. Thanks in advance.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm not noticing anything in your logs yet. Your problems may not be due to malware. However please run ComboFix as instructed in the READ & RUN ME and attach a log from it.

    I will take a more detailed look thru your MGtools logs now, but your problems may be Windows related.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I just noticed that while you do not have ComboFix.exe on your Desktop, you did run ComboFix back on Dec 1st. What forum were you working at then?

    Please attach the C:\ComboFix.txt log from Dec 1st.

    I also see that you have "SystemSuite 7 Professional" installed. I belive this has an antivirus, antispyware, firewall, and several other utilities. Is this correct?

    I also see CYBERsitter 10 installed. Do young people use this PC and is that why this was installed?
     
  4. lindyhopkins

    lindyhopkins Private E-2

    Thank you for taking up my post!

    I originally ran all my scans and posted my concerns to the Software forum, but they redirected me here. I cannot find my Dec 1 Combfix scan. Combofix uninstalled itself (I think) when I tried to run in a week ago when it was unavailable. I downloaded it again and attached my scan from this morning.

    SystemSuite 7 is an anti virus package with several utilities, but the firewall has been disabled for over a year and I no longer subscribe to its antivirus updates. I don't really use the other functions.

    Cybersitter was installed on this computer but I thought I uninstalled it quite a while ago, as it was interfering with my work. When I open "Add or Remove programs" it does not appear.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then I suggest that you uninstall it immediately since an out of date AV is of no use to you and this one was not very good to begin with and may even be causing you problems.

    We will attempt to finish removing left overs manually.

    Did you knowingly install Swag_Bucks? If not, I recommend uninstalling it. And even if you did, I still recommend uninstalling it. It is not considered something safe to use.

    You have Symantec leftovers. Please run the below then reboot. After reboot run it one more time.

    Norton Removal Tool (SymNRT)



    Uninstall the below old versions of software:
    CYBERsitter 10 <-- if not found or it will not uninstall, just continue on
    Java(TM) 6 Update 16

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O23 - Service: Communication Services (CCOMSVC) - Unknown owner - C:\WINDOWS\CComSvc.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    After clicking Fix, exit HJT.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Steph\Local Settings\TEMP

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  6. lindyhopkins

    lindyhopkins Private E-2

    Chaslang,

    Thank you thank you for your work! I still can't believe you major geeks! It is just awesome...

    I followed your instructions and attached the logs. However, there hasn't been a large change in my computer's browser performance. I was just trying to upload some pictures and it crashed about six times.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    As I stated earlier, your PC showed no signs of malware. We were just trying to cleanup some unncessary stuff. You will likely have to work thru your crashes in the Software Forum where you should attach an EventLog showing the application crashes.

    There are a couple more things I would suggest you do first.

    You duplicate startup entries for Comodo Firewall so let's remove one.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

    Also you can optionally fix the below unnecessary startups.
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

    After clicking Fix, exit HJT.



    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. After doing the above, you should work thru the below link:
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds