Stuttering streams post Malware removal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by NicWar, Mar 16, 2010.

  1. NicWar

    NicWar Private E-2

    Hi, I posted a short while ago with concerns as to why streams I watch stutter so much they are unwatchable/listenable (http://forums.majorgeeks.com/showthread.php?p=1466411#post1466411). They never used to be but are terrible now. All this seems to have occurred since I detected and removed a Rootkit.Agent.

    This removal is detailed on another forum post (http://www.howtogeek.com/forum/topic/rootkitagent-problem?replies=40).

    Within this forum, I had been advised to follow the READ & RUN ME FIRST. Malware Removal Guide which I can now say I have. Please find attached the log files.

    N.B. When trying to run RootRepeal though my computer experienced 2 crash dumps. I was unable to note down the error codes but can say with confidence that on both occasions the error codes were different.

    If needed, my computer is an HP Pavilion dv5 1110em.

    Another problem I have noticed since the malware removal is that on almost every reboot, the amount of free space on my HDD changes.

    This morning I had just over 20Gbs space, after installing MGTools I checked available space to find it had dropped 3.08Gbs. On a reboot this had dropped again to just 795Mbs! I removed 5 items (video files) to bring this back up to 3.06Gbs then, after running MGTools, it had dropped again to 3.04Gbs. All rather confusing if you ask me, hence, I'm asking you. Why does this happen?

    I had noticed in the recent past that if I'm low on available space (say 3Gb) and I get a Windows update, after a reboot my available space is back in the region of 30Gbs again. What is going on there? Do Windows updates compress my data?

    Anyway, please find attached the log files from SAS, MBAM, ComboFix and MGTools (as reported, RR did not work).

    Yours, perplexed,

    Nic
     


  2. NicWar

    NicWar Private E-2

    In addition to the previous post, today at 10am I checked to see how much spare space was on my HDD. It was 2.99Gb. I sent an email, turned OFF the computer, turned it back on at 2pm to find the spare space had changed to 314Mb (!) then checked it again at 2.30pm to find it had dropped again to 299Mb. I'm not downloading anything so what is causing this? Checking now I have 294Mb at 3.15pm.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not really seeing much in the way of malware. However, use Windows Explorer to find these and, if you don't know what they are, delete them:
    c:\program files\670851.dat
    C:\selfi.exe
    C:\Users\Nic Warburton\AppData\Local\temp\51N9UXMu.exe.part

    Tell me what malware issues you have. (You should probably post in the software forum for your issue with your hard drive room).
     
  4. NicWar

    NicWar Private E-2

    Hi TimW, thanks for responding. I have removed those files you suggested.

    The issues from the malware I had were that it would open a browser tab that directed to a (what seemed) random site and at other times it would go to someone's YouTube channel that only had one video on. One of Maryland Cookies. Since removal I have noticed that when I watch a stream, the stream jumps and stutters an incredible amount even if the stream is 100% buffered. That is just for one stream - I used to be able to watch 2 or 3 at the same time with no real effect on quality. I have also noticed that if I have a browser with multiple tabs open and I'm playing music through iTunes, that music occasionally jumps and stutters too.

    The processors seem to be having a hard time too. During the watching of one stream, using a CPU monitor, both my processors are working at 100% or thereabouts (93%+). This again never used to be the case.

    About a month ago I did a full system scan using AVG9 and it found some dodgy things: SHeur2.CMCK, SHeur3.DS, SHeur3.ES, Generic.BGRH, Small.BUU and BackdoorWin32/IRC.gen!K.

    All of this was removed easily enough, most went to the quarantine area, but ever since I've had problems. I'll attach the AVG9 log for your perusal.

    Shortly after this, using MBAM, I discovered a Rootkit.Agent, which is when my problems really hit. I posted all of this in another forum - http://www.howtogeek.com/forum/topic...lem?replies=40 - again, I will attach the MBAM log.

    I have since been advised to delete AVG9 as I also have MSE. Is it possible that moving infected items to the AVG quarantine area then deleting the whole program could affect my computer in the way it has - with the reduction in quality of streaming and more work for the processors? All my drivers are up to date so I am a bit confused as to why this is occurring.

    N.B. Since following the READ & RUN ME FIRST thread, when I watch a movie or play a game, in the top right corner of my screen I have a series of numbers that are coloured red if the value is below 15 or yellow if greater than. What are these and where did they come from? The only things I have installed recently are ComboFix, RootRepeal (which didn't work although it is still installed) and MGTools. Could this be from one of those? If so, how do I get rid of these numbers? Do I still need these programs?
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I perused your thread at the other site. You are concerned about how much space you have and your logs show this amount:
    Code:
    Size    223.54 GB (240,023,207,936 bytes)    
    Free Space    3.04 GB (3,269,189,632 bytes)
    I suggest you take all the music and videos you have and transfer them to an external storage drive. You could then do a drive defrag and see if that helps.

    As to the colored numbers you are seeing, I have no idea what you are referring to, or what program you are using to view them with.

    You should use this:
    Startup_CPL

    I suggest you post in the software forum regarding your video and audio issues.

    Your AVG log shows that it removed many FP from your system. Unfortunately you have already removed that program so you can't restore them.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
