Laptop weirdness

Posted by: Dignan

Laptop weirdness - 25/09/2013 14:22

I try not to bug you guys too much with weird issues I run into with the clients I support, but I'm a little stumped here.

I had a client with a laptop that was clearly infected. I ran my usual battery of scans (CCleaner, Malwarebytes, TDSSKiller, and a couple others) and cleaned out a TON of files in addition to removing dozens of infections (I can't recall now if TDSSKiller found any rootkits - I don't think it did). I followed that up with a look through a HijackThis log and didn't see anything sketchy.

So now the computer seemed relatively cleaned up and this is usually enough in most cases. The problem is her computer is acting weirdly when getting online. It's not acting weird in terms of redirects or popups or that kind of stuff. It just seems to...stop.

For example, I'll bring up the browser, log into her Gmail account, maybe click on one or two things, and then it just halts. I can't click on anything. When I click on "Compose," I start to get the regular compose window, but it doesn't come up fully. All I'll see are the icons on the bottom like "Send" and the fonts icon and trash. But that's it. Nothing goes.

I've tried everything. I ran ComboFix, which is usually a hammer that gets the job done. I checked the hosts file. I created a new user account and tried it in there. I'd been using Chrome so I tried IE but that didn't work either. I tried uninstalling Chrome completely and reinstalling it. I tried logging into my own account, and while I was able to get further it was still dog slow and eventually I think it did stop too. I tried going to other sites and didn't seem to have the same problems, but after a while I'd get a bit frozen as well.

I even got to the point where my research was saying there might be a problem with Google Chat and the Realtek drivers on her laptop. So I went and got the latest drivers from Realtek, but that didn't help anything either.

Any ideas? I know, nuke the site from orbit, right? But that's so rarely an option for people I'm helping, unfortunately. Nobody has Windows reinstall discs, and they don't want to pay me for the time it takes. I'm hoping to have some other option here. Any help you guys can give would be awesome. Thanks.

Posted by: tfabris

Re: Laptop weirdness - 25/09/2013 15:26

The viral infection may have caused more damage than a simple "cleaner" can fix. Though the cleaner may have removed the virus payload, the virus may have caused additional irreversible damage to some of the files. In that situation, important processes might hang when, for example, they make a call into a library function that just isn't there anymore because the virus overwrote it and the cleaner removed the virus.

The other problem is that, once you're in the position where one virus has downloaded another virus, and it's snowballed like you described, you can never be sure that there isn't some other piece of rare malware in the mix, still lurking there, that your scanners didn't catch.

Finally, you said that it seemed like the problem might have been a Realtek audio driver issue, but that a driver update didn't fix the issue. How far down that rabbit hole did you go? In a case like this, just updating the driver isn't enough. The driver's updater program might not be smart enough to know that it has to fully replace every file in cases where it got virus-damaged. If you still think the problem might be in the audio driver, try fully uninstalling the audio driver, both from APPWIZ.CPL and from DEVMGMT.MSC. Disable the audio device altogether. Then see if web browsing works without freezing. If that works, then you've narrowed it down.

Posted by: Dignan

Re: Laptop weirdness - 25/09/2013 16:10

Thanks, Tony. I was hoping I wouldn't hear this stuff :)

Yeah, I tried going down that rabbit hole with the audio driver. I did fully remove the device (which is a serious PITA when Windows keeps wanting to reinstall it). It didn't seem to make a difference. I'm pretty sure I disabled it at one point, too.

Posted by: Taym

Re: Laptop weirdness - 25/09/2013 19:29

Just to rule out everything: hardware, maybe? If it is just the browsers that slow down, that's unlikely, but if it is the whole PC that slows down and hangs, even just temporarily, I'd check if the HDD is damaged, and if the RAM is damaged too.

Posted by: Dignan

Re: Laptop weirdness - 26/09/2013 01:41

Thanks for the response.

I don't think it's a problem with that. It's purely the content of the browsers that hang. Even the browsers themselves are fine, as I can move around within the programs with no problems (I think, it's been a few days since I last worked on this).

Posted by: BartDG

Re: Laptop weirdness - 26/09/2013 16:36

I don't have much to add to Tony's response, except for this: I learned a long time ago that actually taking the long route saves you some time in the end. By this I mean backing up the user data, formatting and re-installing and copying the stuff back will probably take you less time than trying to figure out this problem and trying to fix it with 'quick' fixes. Tony is more than likely right: the viruses probably broke something that is irreparable.

Posted by: larry818

Re: Laptop weirdness - 26/09/2013 17:59

That's been my experience as well.

Posted by: K447

Re: Laptop weirdness - 26/09/2013 19:19

Originally Posted By: Dignan
... nuke the site from orbit, right? But that's so rarely an option for people I'm helping, unfortunately. Nobody has Windows reinstall discs, and they don't want to pay me for the time it takes...

A new, retail copy of Windows is not that expensive. Time and effort trying to fix stuff is not free.

I stopped trying to 'quick fix' this sort of thing years ago. In addition to effectively 'donating' my time for little money (or none), the user learned that it is 'inexpensive' to allow the machine to get messed up.

The wrong lesson is learned. If it was properly expensive to fix Windows when (every time) this sort of problem happens, Windows would become/viewed as an 'expensive' OS choice.

If the laptop is aged, then a brand new computer with a brand new, not yet infected, copy of Windows might be the right answer.