Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC Running Slow and Browsers Redirecting


  • Please log in to reply
4 replies to this topic

#1 Songan

Songan

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 12 July 2011 - 05:31 PM

My computer has been running quite slow for the past couple of weeks and I am not sure why as it usually runs quite fast. I do a lot of digital art in Adobe Photoshop but I've stopped for now because every now and then, the computer will randomly lag. I use both Firefox and Safari. Both redirect me to random sites when I click a link However, Safari runs much faster than firefox but I don't think it's running at it's best potential. I've used Rkill and it says nothing was detected. I've also scanned with Malwarebytes Anti Malware. It picked up 9 infections and I deleted them and rebooted my PC as it said so. I've scanned with Rkill and Malwarebytes again and both aren't picking up anything, even when I do a full scan. I've done a number of things to get my PC running faster. I've removed programs that I don't use, updated, scanned, etc and nothing seems to help.

Edited by Songan, 12 July 2011 - 05:32 PM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:32 PM

Posted 12 July 2011 - 09:26 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Songan

Songan
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 13 July 2011 - 06:00 AM

Security Check Results

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
McAfee Security Scan Plus
McAfee SecurityCenter
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Companion 2.1.1
Java™ 6 Update 22
Adobe Flash Player 10.3.181.26
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````




Results of MiniToolBox

MiniToolBox by Farbar
Ran by Cherelle (administrator) on 13-07-2011 at 06:56:29
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 54061
"network.proxy.type", 0

========================= End of FF Proxy Settings ========================
Hosts file not detected in the default diroctory
================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : prefered-ab0771

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain_not_set.invalid



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : domain_not_set.invalid

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet for hp

Physical Address. . . . . . . . . : 00-0D-9D-50-B9-9E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 99.135.10.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 99.135.10.103

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

192.168.0.1

Lease Obtained. . . . . . . . . . : Wednesday, July 13, 2011 6:52:29 AM

Lease Expires . . . . . . . . . . : Wednesday, July 13, 2011 7:02:29 AM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.225.48, 74.125.225.50, 74.125.225.51, 74.125.225.49
74.125.225.52



Pinging google.com [74.125.225.51] with 32 bytes of data:



Reply from 74.125.225.51: bytes=32 time=49ms TTL=54

Reply from 74.125.225.51: bytes=32 time=49ms TTL=54



Ping statistics for 74.125.225.51:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 49ms, Maximum = 49ms, Average = 49ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43
98.137.149.56



Pinging yahoo.com [67.195.160.76] with 32 bytes of data:



Reply from 67.195.160.76: bytes=32 time=71ms TTL=51

Reply from 67.195.160.76: bytes=32 time=71ms TTL=51



Ping statistics for 67.195.160.76:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 71ms, Maximum = 71ms, Average = 71ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 9d 50 b9 9e ...... Broadcom NetXtreme Gigabit Ethernet for hp - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 99.135.10.103 99.135.10.102 20
99.135.10.0 255.255.255.0 99.135.10.102 99.135.10.102 20
99.135.10.102 255.255.255.255 127.0.0.1 127.0.0.1 20
99.255.255.255 255.255.255.255 99.135.10.102 99.135.10.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 99.135.10.102 99.135.10.102 20
255.255.255.255 255.255.255.255 99.135.10.102 99.135.10.102 1
Default Gateway: 99.135.10.103
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/13/2011 06:52:12 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/13/2011 06:52:12 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/13/2011 03:18:40 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3944 (0xf68)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.2.0.835 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe
by C:\Program Files\AVG\AVG9\avgchsvx.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (07/13/2011 03:04:28 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2580 (0xa14)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.2.0.835 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\WINDOWS\$hf_mig$\KB2555917\spuninst.exe
by C:\Program Files\AVG\AVG9\avgchsvx.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (07/13/2011 01:21:58 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3544 (0xdd8)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.2.0.835 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
by C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (07/13/2011 00:13:01 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 112 (0x70)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.2.0.835 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\WINDOWS\$NtUninstallKB2507938$\spuninst\updspapi.dll
by C:\WINDOWS\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\update.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (07/13/2011 00:07:28 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2268 (0x8dc)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.2.0.835 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe
by C:\WINDOWS\system32\MRT.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (07/13/2011 00:02:35 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 492 (0x1ec)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.2.0.835 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\WINDOWS\$NtUninstallKB2555917$\spuninst\updspapi.dll
by C:\WINDOWS\SoftwareDistribution\Download\74e25d8d3f8f073279c53d17136ac8af\update\update.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (07/12/2011 11:11:17 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2060 (0x80c)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.2.0.835 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\WINDOWS\SoftwareDistribution\Download\74e25d8d3f8f073279c53d17136ac8af\spmsg.dll
by C:\Program Files\AVG\AVG9\avgchsvx.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (07/12/2011 09:36:06 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3352 (0xd18)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.2.0.835 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\System Volume Information\_restore{EE85A4CB-8FB3-4BE1-B220-8ADC54D993BF}\RP325\A0141048.ini
by C:\WINDOWS\System32\svchost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


System errors:
=============
Error: (07/13/2011 03:18:40 AM) (Source: Service Control Manager) (User: )
Description: The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/13/2011 03:05:30 AM) (Source: Service Control Manager) (User: )
Description: The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/13/2011 01:22:01 AM) (Source: Service Control Manager) (User: )
Description: The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/13/2011 00:14:02 AM) (Source: Service Control Manager) (User: )
Description: The McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/13/2011 00:08:28 AM) (Source: Service Control Manager) (User: )
Description: The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/13/2011 00:02:39 AM) (Source: Service Control Manager) (User: )
Description: The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/12/2011 11:11:17 PM) (Source: Service Control Manager) (User: )
Description: The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/12/2011 09:36:09 PM) (Source: Service Control Manager) (User: )
Description: The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/12/2011 09:31:07 PM) (Source: Service Control Manager) (User: )
Description: The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/12/2011 08:24:54 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================

========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 65%
Total physical RAM: 1023.48 MB
Available physical RAM: 353.81 MB
Total Pagefile: 2461.84 MB
Available Pagefile: 1710.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.16 MB

======================= Partitions: =======================================

2 Drive c: () (Fixed) (Total:232.88 GB) (Free:167.64 GB) NTFS

================= Users: ==================================================

User accounts for \\PREFERED-AB0771

-------------------------------------------------------------------------------
Administrator ASPNET Cherelle
Guest HelpAssistant Queen B
SUPPORT_388945a0
The command completed successfully.

================= End of Users ============================================

#4 Songan

Songan
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:32 PM

Posted 13 July 2011 - 06:24 AM

Malwarebytes Anti Malware Log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7063

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/13/2011 7:23:50 AM
mbam-log-2011-07-13 (07-23-50).txt

Scan type: Quick scan
Objects scanned: 223930
Time elapsed: 24 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:32 PM

Posted 13 July 2011 - 06:08 PM

...and GMER....

You're running two AV programs, AVG and McAfee.
One of them has to go.
If McAfee, use this tool to uninstall it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml
If AVG, use AVG Remover: http://www.avg.com/us-en/utilities

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users