Browser Problems, Can't Complete Malware Scans

Discussion in 'Malware Help (A Specialist Will Reply)' started by punkette, Jun 27, 2010.

  1. punkette

    punkette Private E-2

    Hello to my favorite geeks! I'm not sure if I have malware or other issues, but I'm hoping you can help me.

    I've been having trouble with Firefox for many months. It used to hang, then started crashing frequently, then would crash upon opening even in safe mode. I tried creating a new profile and uninstalling and doing a clean install, all without effect. We switched to IE against my wishes.

    This week I tried installing Google Chrome. It installed but promptly crashed. Tried reinstalling without luck.

    I went through the Malware Removal steps and the Windows XP cleaning procedure a few days ago. I could only get through SAS by unchecking the Scanner Options, but no threats were found in it or MBAM. Ran Combofix. RootRepeal had two error messages: "invalid PE image found" but scan continued, then crashed with this error: "Exception Address: 0x004ecal19."
    MGTools downloaded and the .exe file created a folder in my C drive, but the batch files didn't auto start. Tried double-clicking the "GetLogs.Bat" file but it didn't work, either.

    BUT Firefox and Chrome both were working again so I thought my problems were fixed. I thought I'd make some security changes so I uninstalled Symantec Antivirus and installed Avira Antivir instead. It didn't like my PCTools Firewall so I uninstalled that and installed Comodo's Firewall. I also downloaded Spybot S&D and Spyware Blaster, uninstalled RoboForm and downloaded LastPass, uninstalled other programs I don't use after doing some research, and stopped some startup processes with help from bleepingcomputer.

    And after all that Firefox and Chrome were again crashing on startup. I ran the Malware Removal steps again (sorry if I shouldn't have--just thought a lot may have changed). This time SAS found 2 items as did Combofix, and RootRepeal and MGTools had the same errors/problems as before.

    Attached are my most recent logs. Please let me know if the SAS, MBAM, & Combofix logs from earlier this week would be helpful. I would so appreciate your help!

    Thank you,
    Debbie
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes please. Attach those too. Now I would like for you to get MGTools.exe run one way or another because without seeing logs from that I am not able to fully rule out malware's presence on your system.

    Try renaming MGTools.exe to 123.com and try running by double clicking its file.

    Now failing that, reboot into safe mode and try running it with or without the rename.
     
  3. punkette

    punkette Private E-2

    Renaming MGTools worked; that log is attached.

    But now that I look for them it appears I deleted the three logs from earlier this week once I thought problems were fixed. Stink! Hope you can still see what you need to.
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No, not seeing any malware in those logs. You can visit the software forum for further advice on browser crashes. :)

    However you ARE running two antivirus programs from what I can see, which is a terrible idea. Uninstall one immediately and see if that improves your situation any.

    It is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
    Last edited: Jun 28, 2010
