Inactive Browsers keep crashing & slow explorer

Status
Not open for further replies.

kathpt

Hello.

Recently I noticed that my laptop takes 5 minutes to start. Windows Explorer is super slow and it kept saying 'windows explorer has stopped working and needs to restart'. It doesn’t say that anymore, but it’s still SUPER slow. It used to be fast, and the hard drive is definitely not full at all. I have more than 100 GB free.

Other problem, all my browsers keep crashing (I use MFF but I also have IE, Safari and Chrome installed). Sometimes they send a report, sometimes it's just a ‘windows explorer has stopped working’ and it closes everything.
I ran CCleaner and it deleted all the cookies and temporary files and all that, and it’s still crashing.
What should I do?
Thanks in advance
 
Please re-post this in the Windows OS forum. Let them help you troubleshoot the system problems first. They can have you check the Event Viewer for corresponding errors to the times of the crashes or freezes. I'm going to give you a program to run and it will produce a log.

Please attach the new log to your new thread in the Windows OS forum along with the description of the problem. Please mention that I have referred you there.

Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe to run.

Under Select log to query, select:
  • Application
  • System

Under Select type to list, select:
  • Critical (Vista only)
  • Error

Click the radio button for Number of events
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

Load the log
  • In Notepad, click Edit > Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.
(Courtesy rev-Olie)

You should run the scan in Normal Mode, not Safe Mode.
 
Oh shoot, it won't let me run the thing because the default language of my Windows isn't English. I'm going to use HijackThis instead, is that OK?
 
No, HijackThis does not do the same thing. Try this- it's low tech!

Start> Run> type in eventvwr

Do this on each of the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for the Error>
[3]. Right click on the Error> Properties>
[4]. Click on Copy button, top right, below the down arrow>
[5]. Paste here (Ctrl V)
[6]. NOTES
  • You can ignore Warnings and Information Events.
  • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
  • You don't need to include the lines of code in the box below the Description, if any.
  • Please do not copy the entire Event log.

Errors are time coded. Check the computer clock on freeze.

Remember- you want to see if there are Errors that correspond to the times of the crashes and/or freezes so when it happens, check the time on the computer clock. Then look for Errors at the same time.
 
Did I do this right?

This is the one error that happened a few dozen times in the last week.

Nome do registo:Application
Origem: Application Error
Data: 26-07-2010 00:29:15
ID do evento: 1000
Categoria de Tarefa:(100)
Nível: Erro
Palavras-chave:Clássico
Utilizador: N/D
Computador: kath-PC
Descrição:
Aplicação em falha crashreporter.exe, versão 1.9.2.3855, carimbo de data/hora 0x4c48ce3b, módulo em falha unknown, versão 0.0.0.0, carimbo de data/hora 0x00000000, código de excepção 0xc0000005, desvio da falha 0x00082058, ID do processo 0x13c, hora de início da aplicação 0x01cb2c513164b61e.
Evento Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-07-25T23:29:15.000Z" />
<EventRecordID>47036</EventRecordID>
<Channel>Application</Channel>
<Computer>kath-PC</Computer>
<Security />
</System>
<EventData>
<Data>crashreporter.exe</Data>
<Data>1.9.2.3855</Data>
<Data>4c48ce3b</Data>
<Data>unknown</Data>
<Data>0.0.0.0</Data>
<Data>00000000</Data>
<Data>c0000005</Data>
<Data>00082058</Data>
<Data>13c</Data>
<Data>01cb2c513164b61e</Data>
</EventData>
</Event>

This one happened fewer times, but also in the last two/3 days:
Nome do registo:System
Origem: Service Control Manager
Data: 25-07-2010 13:40:10
ID do evento: 7000
Categoria de Tarefa:Nenhum
Nível: Erro
Palavras-chave:Clássico
Utilizador: N/D
Computador: kath-PC
Descrição:
O serviço Parallel port driver falhou o arranque devido ao seguinte erro:
O serviço não pode ser iniciado porque está desactivado ou não tem dispositivos activados associados.
Evento Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-07-25T12:40:10.000Z" />
<EventRecordID>234642</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>kath-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Parallel port driver</Data>
<Data Name="param2">%%1058</Data>
</EventData>
</Event>

Also, the CPU is now running at 100% at all times and every window I open keeps flashing.
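
Added example, not part of the thread: the "Evento Xml" block is the same whatever the Windows display language, so the event ID 1000 record can be decoded without translating the description. The field order in `FIELDS` follows the description quoted in the post; the function names and the short NTSTATUS table are this example's own.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Order of the <Data> values in Application Error event 1000, matching the
# order of the fields in the localized description quoted in the thread.
FIELDS = ("app", "app_version", "app_timestamp", "module", "module_version",
          "module_timestamp", "exception_code", "fault_offset", "pid", "start_time")
# A few well-known NTSTATUS exception codes (deliberately not exhaustive).
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
            0xC000001D: "STATUS_ILLEGAL_INSTRUCTION"}

# The event XML from the post above, with whitespace compacted.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Application Error" /><EventID Qualifiers="0">1000</EventID>
<Level>2</Level><TimeCreated SystemTime="2010-07-25T23:29:15.000Z" />
<Channel>Application</Channel><Computer>kath-PC</Computer></System>
<EventData><Data>crashreporter.exe</Data><Data>1.9.2.3855</Data>
<Data>4c48ce3b</Data><Data>unknown</Data><Data>0.0.0.0</Data><Data>00000000</Data>
<Data>c0000005</Data><Data>00082058</Data><Data>13c</Data>
<Data>01cb2c513164b61e</Data></EventData></Event>"""

def pe_timestamp(hex_str):
    """PE link timestamp: seconds since 1970-01-01 UTC; zero means no module data."""
    secs = int(hex_str, 16)
    return datetime.fromtimestamp(secs, timezone.utc) if secs else None

def filetime(hex_str):
    """FILETIME: 100-nanosecond ticks since 1601-01-01 UTC."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=int(hex_str, 16) // 10)

def parse_app_error(xml_text):
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1000":
        raise ValueError("not an Application Error (event ID 1000) record")
    values = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    if len(values) < len(FIELDS):
        raise ValueError("unexpected number of <Data> fields")
    rec = dict(zip(FIELDS, values))
    raw = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    # Keep whole seconds only: the length of the fraction varies between sources.
    logged = datetime.strptime(raw[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    started = filetime(rec["start_time"])
    code = int(rec["exception_code"], 16)
    return {
        "app": rec["app"], "module": rec["module"],
        "app_built": pe_timestamp(rec["app_timestamp"]),
        "exception": NTSTATUS.get(code, hex(code)),
        "pid": int(rec["pid"], 16),
        "started": started,
        "seconds_alive": (logged - started).total_seconds(),
        # "unknown" with a zero timestamp: the faulting address was in no loaded module.
        "fault_outside_module": pe_timestamp(rec["module_timestamp"]) is None,
    }

if __name__ == "__main__":
    for key, value in parse_app_error(SAMPLE).items():
        print(f"{key:22} {value}")
```

On this event the exception code resolves to an access violation, and the decoded start time falls less than a second before the logged crash time.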
 
Please translate these for me:

Descrição:
Aplicação em falha crashreporter.exe, versão 1.9.2.3855, carimbo de data/hora 0x4c48ce3b, módulo em falha unknown, versão 0.0.0.0, carimbo de data/hora 0x00000000, código de excepção 0xc0000005, desvio da falha 0x00082058, ID do processo 0x13c, hora de início da aplicação 0x01cb2c513164b61e.

O serviço Parallel port driver falhou o arranque devido ao seguinte erro:
O serviço não pode ser iniciado porque está desactivado ou não tem dispositivos activados associados.

I don't need anything else in the Errors translated- just these 2 descriptions.

Please do this: Prepare your system like you would to shut it down, but don't shut down. Just close any programs, the browser, email>>>>
Right click on the Taskbar> Task Manager> Processes tab>> double click on the top frame of the CPU column. This will sort the numbers with the highest at the top:

The only processes that you should see using the CPU at this point are: System, System Idle and taskmgr. Those 3 should add up to 100%. There might be a process using 1 or 2 in CPU, but that's not what we're looking for.

Give me the name> spelling must be exact- of any other processes running other than the 3 I mentioned.

When you say the Windows are flashing, do you mean where they are showing on the Taskbar? Those are the Active Windows. Usually the flashing is to get your attention for something.
 
Descrição:
Aplicação em falha crashreporter.exe, versão 1.9.2.3855, carimbo de data/hora 0x4c48ce3b, módulo em falha unknown, versão 0.0.0.0, carimbo de data/hora 0x00000000, código de excepção 0xc0000005, desvio da falha 0x00082058, ID do processo 0x13c, hora de início da aplicação 0x01cb2c513164b61e.

Description: Application in error crashreporter.exe, version 1.9.2.3855, stamp(?) date/time 0x4c48ce3b, module in error unknown, version 0.0.0.0, stamp date/time 0x00000000 code of exception 0xc0000005, fault diversion 0x00082058, process ID 0x13c, starting time of the application 0x01cb2c513164b61e.

'stamp' might mean 'published', I am really bad when it comes to Portuguese-English translations even though I'm Portuguese.

O serviço Parallel port driver falhou o arranque devido ao seguinte erro:
O serviço não pode ser iniciado porque está desactivado ou não tem dispositivos activados associados.

The service Parallel port driver failed its start due to the following error:
The service can't be initiated because it's deactivated or doesn't have devices activated and associated.

--

Taskmgr.exe remains on top of the list at all times, the rest keep changing places in the list, those are:
SIStray.exe
dwn.exe (this one using A LOT of memory)
explorer.exe
unsecapp.exe
wwwxbv32.exe
svchost.exe

I didn't spot 'system' and 'systemidle'

What I mean by flashing is that when, for example, I look at the properties of any file, the little window that opens in the middle of the screen flashes repeatedly to the point where I can’t even see the cancel button.
Also, I just remembered that for a couple of days, when I pressed any accent button, I'd get a double accent ~~. It's gone now, though.
 
dwn.exe is the Desktop Window Manager : for effects in Vista>> "Transparent windows, live taskbar thumbnails (that you can resize now), and even the Flip3D switcher that you can disable and replace with Switcher."

You can look into that one and learn how to change the settings on this site: Howtogeek

unsecapp.exe is a process found on Microsoft Windows server and workstation suites which offers support towards compatibility issues.

wwwxbv32.exe is a bad guy and needs to be removed
SISTRAY.EXE - A tray icon that lets you set some features on SiS video drivers. ...
explorer.exe and svchost.exe are normal entries. I question why they are seen if you are prepared to shutdown. As far as I know, none of these would normally be using the CPU if you are shutting down.

For this: Error message on a Windows Vista-based or Windows Server 2008-based computer that does not have a parallel port: "The Parallel port driver service failed to start" see http://support.microsoft.com/kb/935497

I've done some of the work for you, but I did ask that you post the information in the Windows Forum as you got it. Have you done that? The language problem with your system makes it a bit time consuming for me.
 
Thank you for clearing that up, for some reason I thought that all the Vista effects (dwn.exe) were included in the Explorer.

And how do I remove wwwxbv32.exe?

What exactly should I post on the Windows Forum?
In that page it says it's a bit dangerous to modify the registry if you don't know what you're doing. Is this error REALLY important that needs to be fixed ASAP, or the computer will still work 'fine' if I don't do a thing?
 
I would advise you to follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Please understand though that I will be looking for and trying to clean malware entries. This may or may not help the crashing problem and will only make a difference in the 'slow' problem if it's being caused by these entries.
 
Right after running Malwarebytes it asked to reboot and when the windows started, a pop up window said the windows had to block a few applications, I checked and the app it blocked was 'autoclk.exe', I googled and it seems it is a Trojan Horse. Should I remove it?

It also says that 'mychat bisonHK' does not have a classification, does that mean there's a problem with the registry?

What is 'erfi.exe'? Should I remove it? It's one of the applications that Windows blocked after rebooting to complete the mbam scan.

After installing mbam I noticed that there are shortcut icons everywhere, although they're not as clear as the other icons and when I click on them I get a message saying they're not available. Are they supposed to be there or can I just delete them?

mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4366

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

29-07-2010 17:08:34
mbam-log-2010-07-29 (17-08-34).txt

Scan type: Quick scan
Objects scanned: 138800
Time elapsed: 16 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\tmn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwwxbv32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\tmn\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\tmn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe (Trojan.VirTool) -> Quarantined and deleted successfully.

I could not disable AVAST to run GMER because every time I did it, the system rebooted (this happened twice). Then when I tried with AVAST running, I got a lovely blue screen, twice. In other words, GMER crashed and caused a blue screen.
This was what was on the Windows report after the start up

C:\Windows\Minidump\Mini072910-01.dmp
C:\Users\tmn\AppData\Local\Temp\WER-104375-0.sysdata.xml
C:\Users\tmn\AppData\Local\Temp\WEREFF4.tmp.version.txt

Both DDS logs attached

Attachments

  • Attach.txt (7.3 KB)
  • DDS.txt (20.8 KB)
 
I had hoped you would go to the other forum as requested and try to get the system programs resolved. It appears that you don't plan to do that. There's not much point in trying to run programs if a system problem prevents it.
Your system has created mini dump files. These are special files that allow the person helping you to determine causes of problems. I don't do that in this forum.
C:\Windows\Minidump\Mini072910-01.dmp

Your system is badly infected, so please run the following:
Please download ComboFix from Here and save to your Desktop.

[1]. Do NOT rename Combofix unless instructed.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Close any open browsers.
[4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
[5]. If Combofix asks you to install Recovery Console, please allow it.
[6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
Re-enable your Antivirus software.
===========================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

Asking me questions about log entries slows me down and isn't going to help you.
 