
A pause before certain websites


  • This topic is locked
21 replies to this topic

#1 timew

timew

  • Members
  • 29 posts

Posted 01 August 2015 - 04:42 PM

http://www.bleepingcomputer.com/forums/t/584847/long-pause-from-google-search-to-some-sites/

Edited by timew, 01 August 2015 - 04:44 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts

Posted 03 August 2015 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You are presently running the Farbar tool from a Temporary folder.
Running from C:\Users\renohol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ET1EEL6M
Not a good reason to use a temporary folder to run programs.

Please move the FRST64.exe to your Desktop. Save the Fixlist.txt file suggested below and save it on your Desktop also.
Otherwise your fix will not work.

Move the file now or download a fresh copy of the Farbar tool to the Download folder I'm suggesting below.
My fix will clean your temporary folders.

===

You may be interested in downloading all your files/programs to a DOWNLOADS folder.


http://www.sevenforums.com/tutorials/112232-internet-explorer-change-default-download-location.html
If the Download folder is not available you can create one.
Change the settings in IE to reference the downloads folder.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

p.s.
Keep in mind that the FRST tool and the Fixlist.txt files must be on your desktop.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#3 timew

timew
  • Topic Starter

  • Members
  • 29 posts

Posted 03 August 2015 - 08:41 PM

No difference, still has the issue with Facebook.


Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by renohol (2015-08-03 18:09:32) Run:1
Running from C:\Users\renohol\Desktop
Loaded Profiles: renohol (Available Profiles: renohol)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
ZAMSvc => service removed successfully
EagleX64 => service removed successfully
nvvad_WaveExtensible => service removed successfully
ZAM => service removed successfully
ZAM_Guard => service removed successfully
EmptyTemp: => 9.4 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 18:10:07 ====
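
Added example (not part of the thread and not code from the FRST project): a short Python check over a Fixlog like the one posted above. It flags a run launched from a temporary folder, the problem raised in post #2, and lists the result lines that do not report a successful removal. The temp-path markers and success keywords are assumptions based only on the log lines visible in this thread.

```python
import re

# Excerpt of the Fixlog posted in this thread (shortened for the example).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by renohol (2015-08-03 18:09:32) Run:1
Running from C:\Users\renohol\Desktop
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
End
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
ZAMSvc => service removed successfully
EmptyTemp: => 9.4 MB temporary data Removed.
==== End of Fixlog 18:10:07 ====
'''

# Assumption: path fragments treated as temporary locations (heuristic, not FRST's own list).
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\", "\\content.ie5\\")
# Assumption: outcome wording that counts as success, taken from the lines in this thread.
SUCCESS_WORDS = ("successfully", "removed")

def running_from(log):
    """Return the folder named on the 'Running from' header line, or None."""
    m = re.search(r"^Running from (.+)$", log, re.MULTILINE)
    return m.group(1).strip() if m else None

def runs_from_temp(path):
    """True if the launch folder sits under a temp or browser-cache directory."""
    p = path.lower().rstrip("\\") + "\\"
    return any(marker in p for marker in TEMP_MARKERS)

def parse_results(log):
    """Return (target, outcome) for each 'target => outcome' line after the fixlist echo."""
    # The fixlist is echoed between two rows of asterisks; the results follow the second row.
    parts = re.split(r"^\*{5,}[ \t]*$", log, flags=re.MULTILINE)
    body = parts[-1] if len(parts) >= 3 else log
    results = []
    for line in body.splitlines():
        if " => " in line:
            target, outcome = line.split(" => ", 1)
            results.append((target.strip().strip('"'), outcome.strip().rstrip(".")))
    return results

def needs_review(results):
    """Entries whose outcome does not report a successful removal (e.g. 'key not found')."""
    return [(t, o) for t, o in results
            if not any(w in o.lower() for w in SUCCESS_WORDS)]

if __name__ == "__main__":
    where = running_from(SAMPLE_FIXLOG)
    print("Running from:", where, "(temp folder)" if runs_from_temp(where) else "")
    for target, outcome in needs_review(parse_results(SAMPLE_FIXLOG)):
        print("REVIEW:", target, "=>", outcome)
```
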



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts

Posted 04 August 2015 - 08:06 AM

Go to this page.
https://www.facebook.com/help/community/question/?id=10151469026437322

Execute the fix suggested by Mike Fahey

How is it now?

#5 timew

timew
  • Topic Starter

  • Members
  • 29 posts

Posted 04 August 2015 - 05:49 PM

Tried to follow his instructions but I think Facebook has changed a little since he posted that since the instructions seemed outdated...

The thing is... it's not just Facebook. I just tried oregonlive and the same exact issue happens; it's only certain sites like Facebook, oregonlive, Bleacher Report and a few more I run across, and what is most puzzling to me is the fact that the freeze only occurs after a reboot on the first attempt at one of these sites.



#6 timew

timew
  • Topic Starter

  • Members
  • 29 posts

Posted 04 August 2015 - 05:58 PM

http://answers.microsoft.com/en-us/ie/forum/ie11-windows_7/how-to-stop-computer-freezing-when-opening-certain/050b34f3-77f8-4e58-aa52-170486af9855

Maybe this helps; this person has the same issue.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts

Posted 05 August 2015 - 07:13 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#8 timew

timew
  • Topic Starter

  • Members
  • 29 posts

Posted 05 August 2015 - 05:43 PM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-08-05 15:15:40
-----------------------------
15:15:40.875    OS Version: Windows x64 6.1.7601 Service Pack 1
15:15:40.875    Number of processors: 8 586 0x1E05
15:15:40.875    ComputerName: RENOHOL-PC  UserName: renohol
15:15:45.841    Initialize success
15:15:45.888    VM: initialized successfully
15:15:45.888    VM: Intel CPU supported
15:16:12.624    VM: supported disk I/O ataport.SYS
15:24:17.875    AVAST engine defs: 15080502
15:24:52.167    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:24:52.182    Disk 0 Vendor: ST31000528AS CC45 Size: 953869MB BusType: 3
15:24:52.260    Disk 0 MBR read successfully
15:24:52.260    Disk 0 MBR scan
15:24:52.291    Disk 0 Windows VISTA default MBR code
15:24:52.291    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
15:24:52.338    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
15:24:52.338    Disk 0 default boot code
15:24:52.354    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       938828 MB offset 30801920
15:24:52.369    Disk 0 scanning C:\Windows\system32\drivers
15:25:02.035    Service scanning
15:25:03.767    Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
15:25:16.667    Modules scanning
15:25:16.667    Disk 0 trace - called modules:
15:25:16.683    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
15:25:16.683    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e8c790]
15:25:16.683    3 CLASSPNP.SYS[fffff88000fba43f] -> nt!IofCallDriver -> [0xfffffa8007c4b520]
15:25:16.683    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007c47680]
15:25:22.608    AVAST engine scan C:\Windows
15:25:24.719    AVAST engine scan C:\Windows\system32
15:28:34.131    AVAST engine scan C:\Windows\system32\drivers
15:28:46.996    AVAST engine scan C:\Users\renohol
15:33:34.931    AVAST engine scan C:\ProgramData
15:33:50.502    Disk 0 statistics 4109193/0/0 @ 6.77 MB/s
15:33:50.502    Scan finished successfully
15:42:00.143    Disk 0 MBR has been saved successfully to "C:\Users\renohol\Desktop\MBR.dat"
15:42:00.143    The log file has been saved successfully to "C:\Users\renohol\Desktop\aswMBR.txt"



#9 timew

timew
  • Topic Starter

  • Members
  • 29 posts

Posted 05 August 2015 - 05:47 PM

here

Attached Files

  • Attached File  MBR.zip   573bytes   0 downloads


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts

Posted 06 August 2015 - 07:12 AM

The MBR is clean.

Did you run the TDSSKiller tool?
Post the log for my review.

#11 timew

timew
  • Topic Starter

  • Members
  • 29 posts

Posted 06 August 2015 - 05:04 PM

TDSSKiller didn't find anything and I don't remember it creating a log, I'll run it again.



#12 timew

timew
  • Topic Starter

  • Members
  • 29 posts

Posted 06 August 2015 - 05:07 PM

ok ran it again and it still didn't find anything or create a log, it has a report of 432 items scanned and I tried to copy it but it wouldn't let me.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts

Posted 07 August 2015 - 06:26 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here.

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#14 timew

timew
  • Topic Starter

  • Members
  • 29 posts

Posted 07 August 2015 - 05:45 PM

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by renohol on Fri 08/07/2015 at 15:22:35.62.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\renohol\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/7/2015 3:24:02 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\PCSettings deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully
C:\Users\renohol\AppData\Roaming\Mozilla deleted successfully
C:\Users\renohol\AppData\Roaming\QuickScan deleted successfully
C:\Users\renohol\AppData\Local\CrashDumps deleted successfully
C:\Users\renohol\AppData\Local\Downloaded Installations deleted successfully
C:\Users\renohol\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\renohol\AppData\Local\EmieSiteList deleted successfully
C:\Users\renohol\AppData\Local\EmieUserList deleted successfully
C:\Users\renohol\AppData\Local\GameSpy deleted successfully
C:\Users\renohol\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2270614712-1137992979-1838477882-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found
C:\PROGRA~3\Package Cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\WININIT.INI deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn" []

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{2024A325-BA3E-49FD-9BB1-4577328B9941} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2270614712-1137992979-1838477882-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2024A325-BA3E-49FD-9BB1-4577328B9941} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2024A325-BA3E-49FD-9BB1-4577328B9941} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sansa Updater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\renohol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\renohol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found


==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=28 folders=31 28156420 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\renohol\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\renohol\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 08/07/2015 at 15:41:35.80 ======================



#15 timew

timew
  • Topic Starter

  • Members
  • 29 posts

Posted 07 August 2015 - 05:56 PM

15 second pause on Oregonlive :(





