
Posted
My browser keeps freezing, whether it be Internet Explorer or Google Chrome. It sometimes freezes when all I do is try to open it, or when I click on links, or midway through streaming...Sometimes websites just suddenly stop responding without being prompted by any action on my part. I did an anti-virus scan, ran Spybot, deleted Temporary Files/Cookies, did a Disk Cleanup, ran the Defragmenter, disabled File Sharing...I'm at a loss as to what to do next. Any help would be greatly appreciated :)

Posted

Hi Kate and welcome to ExTS

 

I have deleted your other post - nothing gained in duplicating it :)

 

Download MBAM from here: ( Click on Products > you want the free version )

http://www.malwarebytes.org/products/malwarebytes_pro

 

You may get re-directed to a mirror site - don't worry about this, it is a security thing.

 

Install > Update > Run it.

A log will be created - copy this entirely and post it here.

 

If there is anything there that needs attention one of our security experts will advise you further.

 

Just a note:

Spybot is a bit dated - in future I suggest you use MBAM for your regular scans.

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

 

MiniToolBox

Network Test

Wireless Test

Posted

Below is the log MBAM came up with:

 

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.05.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Protection: Enabled

05/02/2012 15:52:38

mbam-log-2012-02-05 (15-52-38).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 343457

Time elapsed: 3 hour(s), 1 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{BAA57DFA-F744-AD7D-418C-D0FA6544F3E7} (Trojan.Agent) -> Data: C:\Users\RS\AppData\Roaming\Ombu\ajyv.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\RS\AppData\Roaming\Ombu\ajyv.exe (Trojan.Agent) -> Quarantined and deleted successfully.

D:\MicroGaming\Poker\LadbrokesMPP\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.

(end)
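
Added example (not part of the original post, and not Malwarebytes' own tooling): a small parser for detection lines in the layout of the log above, which pairs an autorun `Run` value with the detected file it launches. The sample log and every path, GUID and threat name in it are constructed placeholders, and the line layout is assumed from this one log.

```python
import re

# Constructed sample in the layout of the scan log above; every path, GUID
# and threat name here is a made-up placeholder.
SAMPLE_LOG = r"""Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{00000000-0000-0000-0000-000000000000} (Trojan.Example) -> Data: C:\Users\test\AppData\Roaming\Abcd\sample.exe -> Quarantined and deleted successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\test\AppData\Roaming\Abcd\sample.exe (Trojan.Example) -> Quarantined and deleted successfully.
D:\Games (old)\Setup\install.exe (PUP.Example) -> Quarantined and deleted successfully.
(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Layout: object (threat) [-> Data: value] -> action. Lazy match tolerates "(...)" in paths.
DETECTION = re.compile(
    r"^(?P<object>.+?) \((?P<threat>[^()]+)\)"
    r"(?: -> Data: (?P<data>.+?))? -> (?P<action>[^>]+)$"
)
AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once)?(\||\\|$)", re.IGNORECASE)


def parse_detections(log_text):
    """Return one dict per detection line, tagged with the section it sits in."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        head = SECTION.match(line)
        if head:
            section = head.group("name")
        elif section and (hit := DETECTION.match(line)):
            found.append({"section": section, **hit.groupdict()})
    return found


def autorun_persistence(detections):
    """List (run_value, target_path, target_also_detected) for autorun entries."""
    files = {d["object"].lower() for d in detections if d["section"] == "Files"}
    return [
        (d["object"], d["data"], d["data"].lower() in files)
        for d in detections
        if d["data"] and AUTORUN.search(d["object"])
    ]


if __name__ == "__main__":
    for value, target, seen in autorun_persistence(parse_detections(SAMPLE_LOG)):
        print(f"{value}\n  starts {target} at logon (file detected too: {seen})")
```

A `False` in the third field would mean the autorun value pointed at a file the scan did not flag, which is worth checking by hand.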

Posted

Hi,

 

There are a couple of things that may need looking at.

I will ask one of our security experts to take a look and advise further.

 

Please be patient - they are busy people but one of them should get to you within a day or so. :)


Posted

Hi Kate,

 

disabled File Sharing..

This doesn't sound good.

I'll move this thread to the malware removal forum, just in case.

 

P2P Warning

Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true.

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

 

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

 

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.

If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

 

 

Step 1

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

Step 2

  • Download OTL to your desktop.
    Right click on the link and select 'Save Link/Target As'.
     
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

 

In your next reply, please submit:

Combofix.txt

Both reports from OTL.

 

 

Thanks.

Member of:

UNITE

Posted (edited)
The MBAM scan was enough. Sorry I didn't update you earlier, but I wanted to be 100% sure it was the case before I started popping the champagne corks. And about file sharing, I think there was a misunderstanding. I meant files I share on my home network. I'm not very good with computers, just followed the advice of some other person on the Internet :)
Edited by Kate
Posted

Hi Kate,

 

I meant files I share on my home network.

OK, I understand now.

 

The MBAM scan was enough.

It would still be worth running the scans I mentioned in my previous post.

You can never be too careful.
