Web pages will not resolve/load properly

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by philber, Mar 14, 2010.

  1. philber

    philber Private E-2

    Hello and thanks ahead of time for any and all help!


    Web pages on my computer do not load fully. I will pull up a web address from my favorites file and wait for it to resolve. Often what happens is it will be slow to load, but it will eventually resolve the text on the page. But advertisements, photos and graphics on the page will not show up immediately, or at all, it will just sit there forever showing an incompletely loaded page. Sometimes the page will load very fast like it should, but this is rare. Often it will not even load, it will just sit there and try to load the page in a never ending cycle, never resolving the address. I have literally left a page to try and load for 20+ minutes and it will never load.
    Hitting F5, reload or highlighting the address and hitting enter (while it is currently actively trying to load) usually doesn't work if it is having problems in the first place. Hitting the STOP button and halting the loading of the page, and then re-trying seems to have slightly more success. What seems to work best is to highlight the web address (and on the browsers that have the feature) choose "paste and go" in the title bar. This seems to load pages the most effectively. It also doesn't matter if I use an address from my favorites list, or if I manually type in the address, it's just as problematic from each method.
    Prior to coming here, I used many malware programs and many AV scans and no success in improving things. Thinking it might be flash, Java, shockwave or some other program being corrupted, I uninstalled and updated them, as well as Zonealarm free and AVG free, but no success there either. These were done prior to going through the steps on your site. I was hoping to use system restore, but there are no saved restore points at this time (though I know there was in the past). Looking at system restore, I see there are literally hundreds of error messages listed.
    I have Google, Maxthon, Opera, Seamonkey, Firefox and IE 6 loaded. None of them seem to load much better than the other, though I would give an edge to Seamonkey out of all of them for being the most effective. It doesn't seem to matter much what web site I go to, they all have problems loading. Of particular difficulty are excite.com and yahoo.com, they seem the slowest that I visit regularly.

    Not sure how related this is to my current problem, or if it's totally separate but maybe about 6 weeks ago I noticed one of my hotmail email accounts was hijacked and started sending out emails that weren't from me. The emails would be sent to everyone on the mailing list of that acct, most of which were my own additional email accounts so I quickly saw what was going on. Maybe once a week everyone would get an email with no subject title and upon opening the email, all there would be was a link to one web address, no text or anything. I never clicked any of the various web addresses used as I knew it was likely a malware site. Here's an example sent out Friday the 12th:
    hxxp://sites.google.com/site/gdf5435gdf/txmo7g

    I took the TT out of http so no one accidentally tries to visit the page.

    Anyway, seems that shortly after that stuff started getting sent out, I noticed my web pages loading a bit slower. Eventually things got worse and worse until now it is pretty much problematic 100% of the time to load a web page. On very rare instances do web pages load as fast as they should. I have 12,000 KB cable from Comcast and I mostly get pages loading like dial up speeds.
    It's not just loading of pages, it's processing speed on most anything that can be affected. For example, I can have an email text box open and be typing a letter. I can write "Hi, how are you doing" and what will show up is "Hi, ho" and there will be a pause of several seconds, and what will eventually show up is the rest of the letters "w are you doing" to complete the sentence. Definitely a severe lag time to things. Or if I'm playing a game of spider solitaire, the cards will freeze while trying to deal a new row of cards, and then resume dealing the rest of the cards after hesitating.
    Running windows task manager while things are frozen or hesitating doesn't seem to show much, except that vsmon.exe claims high amounts of resources for a time, but not each and every time things hang.

    Ok, hope that's enough detail of what's going on, but not too much to bore you!


    My system is a privately made system with an Athlon 64 3000+ 1.8GHZ with 2 gig ram, running windows XP home version 2002, service pack 3. Here are the logs, with incidental notes on any problems running the various programs:


    Prior to running SuperAntiSpyware, I wasn't quite sure what all features needed to be disabled in AVG 9.0 (since it no longer lets you temporarily turn it off like older versions). I know I can turn off the Resident Shield, but is that ALL I should turn off when you recommend disabling my computer's antivirus? I didn't know, so I uninstalled AVG 9.0 to run the scans where it said to disable my antivirus.
    In running SAS, I had to add the Recovery Console, that went as stated. Shortly after starting the scan, an error box popped up that said SAS has encountered a problem and needs to close. It wasn't one of the 5 listed on the page and before I could write everything down, the window closed and the scan kept running. Soon another window popped up with:
    "Windows Security Center Notification App has encountered a problem and needs to close." I left that stay up for over a minute to see if it too would disappear on its own, but it didn't, so I chose ok to close the window which also appeared to end the scan.
    While running SAS, (per what the instructions page mentioned), I am not sure if it ever disconnected me from my internet connection. Also not sure if it ever changed my clock format. And I am not sure how many stages SAS got through before the windows security center warning came up. I seem to recall glancing at it and it made it to stage 22 at least I believe.
    I restarted the computer and when it rebooted, Zonealarm popped up a notice saying:
    "New Network Found"
    ID Address: 192.168.100.0/255.255.255.0
    Type: Private Network Detected


    "Automatically configure this network if I add it to the Trusted Zone" was checked off

    I didn't know what to do, (ie allow this new network, or not allow it) so instead of clicking "OK", I hit cancel to close that box, but it opened a new one forcing me to name it, and also to choose whether I wanted to allow it to the Trusted Zone or the Internet Zone. I chose Internet and renamed the new network something about SAS Problem here, so I would be able to recognize it easily if it showed up again.

    Note: I just checked Zonealarm and the Firewall Security was in red, as in not working. Zonealarm is set to load at start up, and it does and puts the Z icon in my systray, but it is not alerting me when the firewall is down like that. I first noticed this a few weeks ago when I first started to try and fix this whole problem scenario. I would click "Fix It" and then that option would show "Zonealarm has secured the doors to your PC" and would turn green in color. When I would reboot my computer, it would sometimes be red and I would have to "Fix It" again and turn it on. Other times it would load properly and be turned on as it should be. Lately, for the last week or so, it has always loaded green properly. This is the first time in a while it was red and needed "fixing". By the way, Internet Zone Security is set to High and Trusted Zone Security is set to Medium.



    Malwarebytes - no problems in running it. Though, I want to be sure - I checked off and ran a QUICK scan as per the instructions. Want to be sure it was a QUICK and not a COMPLETE scan that I was supposed to run ( as quick scan seems rather cursory in trying to find the problem). Also wanted to note that I ran the scan and the instructions page said I should click SHOW RESULTS to see the log - but there was no SHOW RESULTS, just the log automatically showing up in notepad. As a side note, an mbam scan I did on 2-5-2010 found a Rogue.Installer and quarantined it. Could this be part of my problem, as this is roughly around the time problems started showing up.



    Combofix - Log attached. Don't think this ran completely before shutting off (sorry, it's 430 am and I am tired and it's been many hours at this the way my computer is running!)


    RootRepeal - I could not get this to run, it locked up, I twice left the program start and run for over 7 minutes and it wouldn't do anything. It would say "Initializing components, please wait" and just sit there with a spinning hour glass symbol.
    Side note - I do recall running a virus scan one time and seeing it note that the program couldn't scan such and such folder because it was locked. Think this was from running AVG in safemode one time prior to these steps.
    Other note - the instructions for this say to "Extract the RootRepeal.exe file from the RAR or ZIP and save the EXE file to your Desktop" What I did was download the zip to my desktop, then double click it to open it. Then I right clicked RootRepeal.exe and chose "Extract to specified folder" which was desktop, so I had a location of C:\Documents and Settings\Phil\Desktop
    I wanted to be sure I did this correctly, so I am just double checking in case I did it wrong.






    MGTools - a window labeled Hijackthis in the upper left opens. It says:
    "Please help us improve Hijackthis by reporting this error"
    Click yes to submit
    Error Details:
    An unexpected error has occurred at procedure: ModRegistry_In:GetString(sFile=System.ini, sSection=boot, sValue=Shell)
    Error #5 - Invalid Procedure call or argument
    Windows Version: Windows NT 5.01.2600
    MSIE Version: 6.0.2900.5512
    Hijackthis version: 2.0.2

    I clicked yes to sending the report.







    Just to confirm, I downloaded the executable files to my desktop, with the exception of MGTools which went directly on the c drive. Here are their locations - did I do them correctly?


    "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

    combofix Location- C:\Documents and Settings\Phil\Desktop

    C:\MGtools.exe




    Geez, hope that information overload, but wanted to add in any details that I thought may be of use/importance to you. Better to have extra info than leave something out and leave you wondering. Thanks again for the help! :)

    Phil
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. This is not a malware issue that I can see. Have you run CCleaner? Have you emptied out your internet temp files? Have you run ATF Cleaner by Atribune? Have you checked your internet speed?
     
  3. philber

    philber Private E-2

    Hi Tim

    Thanks for the very speedy reply. Yes, I have run ccleaner. I also regularly defrag. I've also run page defrag and registry defrags. sfc /scannow, checkdisk, tons of malware programs and AV checks as well. Ran ATF as well just for the heck of it.
    I just ran speed checks and they're all over the board. Initial attempts with zonealarm and AVG 9 running failed (though I was able to run the last week). So, on all tests, I shut down zonealarm and uninstalled AVG

    dslreports test to NJ test site shows me at 4103 kbps down and 1030 kbps up on the flash based check. On java based check, it shows 749 kbps down 2009 kbps up. And no, I am not missing a digit here! This is the actual speeds listed. 2nd test of java platform gives me 1921 down, 1895 up.


    speedtest.net test to seattle shows 16.57 Mbps down and 3.60 up. 2nd test shows 14.42 down, 3.9 up


    bandwidthplace.com shows
    down 11711 up 4161
    down 15049 up 4049
    down 18927 up 4424
    down 10281 up 3991


    auditmypc.com shows
    down 4056 kbps up 4507
    down 4389 up 4216


    Some of these test sites didn't say where the test site was run from. The ones that did say, I listed, i.e. Seattle or NJ.



    I called comcast about this problem of websites not loading speedily or fully a few weeks back and they were like, everything looks fine on our end. We could come out and check the line in your building and other stuff, but it will cost you if we don't find anything. I put little faith in them, having dealt with them before, 80% of the time they are fairly clueless. Once in a while you get a spot on tech who actually makes a change that helps.


    Important to me -
    I'm wondering why I could not run the rootrepeal or combofix scans? Does that tell you anything? Should I try again? Why wouldn't they run if there is not a problem on my machine? AVG was uninstalled for both of them.


    Any other suggestions? Would trying a hijackthis forum help, or is that information covered in the scans that would fully run for me? Even if it is a comcast service related problem, something seems weird as why is zonealarm repeatedly not loading correctly and needing me to click "fix it", yet never warns me that the program is not protecting me? The icon comes up in my systray, but never gives any indication that protection is down.

    Thanks again for the help! Really appreciate it! :)

    PS When poking around, I found several damaged objects under IE 6 tools -internet options - settings - view objects

    The first 5 were listed as damaged and the last as unknown, so I deleted them.

    F-Secure Online Scanner 3.3 type -active x control 2/27/2008
    http://support.f-secure.com/ols/fscax.cab


    Shockwave Active X control 2/2/2008 Adobe Systems
    http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab



    CKAVWebScan Object 8/29/2007 Kaspersky Online Scanner GUI Part
    http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab



    Windows Genuine Advantage Validation Tool 7/12/2005
    http://go.microsoft.com/fwlink/?linkid=39204



    MUWebControl Class 5/26/2005 Microsoft Update Web Control
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135824330522




    ActiveX control (status was listed as unknown)
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That is quite a spread up and download speeds. Plus your broken objects in ie.6 makes me more sure it is a software issue. What happens when you try to run ComboFix??

    You can go here for your dsl issues:
    http://www.dslreports.com/forums/all
     
  5. philber

    philber Private E-2

    Hi Tim

    I do not recall 100% if combofix ran fully or not. I am thinking it did NOT run fully, but only partially. I can rerun it and try again, but wanted to get your say so to do that. On the broken objects, I deleted all of them. Some of them were programs I no longer had or could use (like kaspersky, which was down for repairs when I tried to run a scan a while back). Think the only one that got reinstalled was the Java runtime object.


    Should I run combofix again and post a log? And root repeal, which never ran at all?

    Also, if I don't have any sort of virus problem, what is the deal with my email list from my hotmail acct being taken over and used to send out spam? If that's totally separate, how does that happen? Any suggestions on how to eliminate that? Or a board to ask for help?

    Thanks
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, you can re-run ComboFix if you like and attach the new log. I am not sure that it will find anything of value. Since you're using an online email account, you may best be served by deleting all your emails in that account. Otherwise, you may need to create a new account. If you want to keep that account, try using a different computer to change the password on it, delete everything and see if it still occurs.
     
  7. philber

    philber Private E-2

    Hello


    I ran a new combofix scan, log file is attached. Tried to run rootrepeal and it eventually gave me a message of Generic Host process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.
    EventType: InPageError P1: C0000185 P2: 00000003

    I clicked the suggested tab to see more details and wanted to see if I could copy and paste the info, but when I then closed those tabs, the computer totally locked and I had to reboot. Rootrepeal SEEMED to run for 20 minutes before this happened. I say seemed because one part of the program said "initializing components......."
    and another part below it said something to the effect of scan in progress or scanning now. But nowhere did it show a progress report, an indicator, a scale or anything to indicate that it was actually performing a scan. The first thing that happened was the generic host error showing up.

    So, what exactly does rootrepeal do, and why can't I run it? Is there another program that will do the same thing? I find it curious that this program can't be run. Is that common?
    Actually, that brings up a question. The instructions say to "Extract the RootRepeal.exe file from the RAR or ZIP and save the EXE file to your Desktop."
    How exactly do I extract the file and save the EXE file to my desktop? The only way I found to get the exe to my desktop was to double click the zip file and when it opened all it contained was the .exe file. There was no way to cut and paste it to my desktop, so I right clicked and from the option list, I choose "Extract to the specified folder" which I then selected the destination path as the desktop. Is this the way I should be doing it, or is that maybe part of the reason why rootrepeal won't work properly?
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    RootRepeal fails often. Some systems it just doesn't like! :)

    Attach the new Combo log, please.
     
  9. philber

    philber Private E-2

    Hmm, tried to attach the file last post. Trying again.

    What other programs are like rootrepeal that I could run?


    Lately, it has been "bogging down" even more, with the hesitations becoming more pronounced. Could be playing a game of solitaire and it will hang/freeze in the middle of dealing the cards, then resume after a second or three. Even just moving the cursor will hang. It will hang and then move in choppy movements, not smooth flowing like it should. So does this seem to be a software problem, or a hardware problem? If software, what's the most likely component to cause this? If hardware, what is the most likely component of the problem? At this point, I don't have a darn clue what it is related to!
     


  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware. You do have a huge amount of temp internet logs. I suggest you clean them out!! ( You will see them in your log.) Also you will see this as to a rootkit issue:

    Please run the F-Secure Online Scanner

    Note: This Scanner is for Internet Explorer Only!

    • Follow the Instruction Here for installation.
    • Accept the License Agreement.
    • Once the ActiveX installs, click Full System Scan.
    • Once the download completes, the scan will begin automatically.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • Click the Show Report button and Copy & Paste the entire report in your next reply.
     
  11. philber

    philber Private E-2

    Hmm, I'm batting 0 for 3 on this one! First question - aren't my temp internet LOGS (or did you mean files?, not logs?) cleared out by ccleaner? If so, these are just the files loaded to my computer since last time I ran ccleaner. I'm on my computer extensively and visit dozens. Otherwise, how do I delete the logs?

    2nd question - you mention the rootkit issue with gmer. I have no idea what this means! I'm very uneducated on how computers and the internal components and software actually work/what they do. What does this issue with the rootkit mean? Also, I did a "find files or folders" search on my computer for Gmer and nothing shows up as any files on my computer related to gmer. Is this a clue to something, (or just me not knowing a damn thing what I'm doing! lol)


    Third problem - Both links to F-secure lead to http://www.f-secure.com/en_EMEA/support/# Once here, I can not find anything about an online scanner, or instructions how to use it. Ok, did a "search" inquiry and found it at http://www.f-secure.com/en_EMEA/security/tools/online-scanner/
    Got it to do a full system scan. Here is the report:







    Thanks Tim
     


    Last edited by a moderator: Mar 21, 2010
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am referring to these:
    c:\windows\Internet Logs\xDBEE.tmp of which there are numerous ones as you can see by looking at your last Combo log.
    Again, look at the Combo log and you will see that Gmer is a part of the scan and shows no rootkit activity.

    Sorry for the bad link, as they seemed to have changed it. Good that you found it though. However, what it found is questionable as I didn't see this folder on your computer in your newfiles log ( within the MGLogs.zip):
    I still do not see any malware on your system, so unless you are having some specific malware indicators, you should post in the software forum for additional assistance with any issues you have.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  13. philber

    philber Private E-2

    Hi Tim


    I am still confused about the internet LOGS. I go to my c drive, windows folder, then internet logs folder. Yes I see a lot of logs listed there, but I have no clue which ones to delete. Is it safe to delete everything (i.e. Ctrl A, then delete)? I want to be sure before I delete things I shouldn't as I have no idea what these logs are or are used for. There's hundreds of them there on the list, but I'm a bit worried about deleting something I don't know what they are as I see different endings like .tmp for temp, but also zip files, xml, rdb and other endings I have no clue about.




    On the part about Gmer, I believe this might be from AVAST antivirus scan? At one point I uninstalled AVG and loaded AVAST to run a scan, then uninstalled AVAST. Is that what it is from? More importantly, is there anything to worry about here? Not sure why you pointed it out as a rootkit issue. I have no clue what to do with that statement! Is it a problem? What should I do about it?



    Once I know what to do on these two points, I will follow the rest of the guidelines / final steps.

    Thanks again for all the time and help Tim
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Open each folder and remove all the contents of those folders. Yes, Ctrl+A and then delete.



    You have no rootkit activity, which is what I was pointing out. You don't need to do anything about it. If you look at your ComboFix log, scroll down and you will see where GMER was run as part of the scan. It is showing no hidden rootkits. So all in all, you are clean and good to go.
     
  15. philber

    philber Private E-2

    Hi Tim

    I hit CTRL+A and tried to delete everything in the Internet Logs folder. Some things would NOT delete. They were:

    BACKUP.RDB
    COMPUTER.ldb
    fwdbglog.txt
    fwpktlog.txt
    IAMDB.RDB
    tvDebug.log
    ZALog.txt

    vsmon_2nd_2010_03_22_22_08_04-small.dmp
    vsmon_2nd_2010_03_22_22_09_34-small.dmp
    Note - there were two other vsmon small dumps when I started typing this, then in the space of 10 minutes, it added seven more small dumps. (I went back and tried to delete all the vsmon dumps and it let me delete them now)



    That is what is left that will not delete as it says "cannot delete XXXXX: it is being used by another person or program. Close any programs that may be using the file and try again."

    Most of what I deleted ended in txt, but there were some that I WONDER IF IT WAS SAFE TO DELETE?
    These are deleted, is that ok? -


    IAMDB.RDB.BAK
    tvDebug.zip

    Backup3_12_2010.xml
    Backup3_15_2010.xml
    vsmon_2nd_2008_12_11_21_59_33_small.dmp.zip (and several others of this format)

    vsmon_on_demand_2007_11_05_20_07_08_full.dmp.zip (and a couple more full dumps)

    IS IT OK TO HAVE THOSE DELETED? I am double checking to be sure those exact files are ok to delete.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You don't need to delete any of them. There are always a few that won't delete. That's normal. Are you still having issues?
     
  17. philber

    philber Private E-2

    hmm, this reply says "you don't need to delete any of them" The prior reply said
    " Open each folder and remove all the contents of those folders. Yes, Ctrl+A and then delete."

    So, delete or not delete? lol Actually, I already did delete them. keep them deleted???

    And, yes, I am still having the problems. Definitely more consistent now though. There used to be more times when things would work somewhat properly, but now it is almost a constant delay in doing any function on the computer.
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I was just letting you know that the few that you could not delete on that day were not important to have removed. The fact that you were able to later is fine.

    This is not a malware issue. It may be a problem with your hard drive or your RAM. To be certain, you may need to run Memtest for your RAM and do a chkdsk /r on the drive. Again, I suggest you post in the software forum for further assistance.
     
  19. philber

    philber Private E-2

    Hi Tim

    Yep, seems to be hard drive at current. Did a memtest for 920% and no errors. HD tests seem to show it's weak? I have just started a thread on software. Thanks again for all the time and help, really appreciate it! :)



    End of thread
     
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I hope they can give you a hand with the hard drive. And you are welcome.
     
