Help with reading log results

Status
Not open for further replies.

Trintar VIII

Hello,

I have been having problems with my computer running extremely slowly over the past few weeks. It is a fresh install of Windows 7, so I didn't think anything was infected, but the problem has steadily gotten worse. I read the 8-step removal thread and have the logs posted. The MalwareBytes did not have any results, so I didn't bother to attach it. Also, when running GMER, I got an error that said:

C:\Windows\system32\config\system: The system cannot find the file specified.

I ran the program anyway (in safe mode as well, but that error still showed up) and posted the results for that as well. I did turn off my active protection as well, so I'm not sure if I just missed something.

Thanks for any help offered!
 

Attachments

  • Attach.txt
    12.8 KB · Views: 1
  • DDS.txt
    31 KB · Views: 1
  • gmer.log
    657 bytes · Views: 1
We only do 'slow' in this forum if it's related to malware.

I'm not sure what the following represents, but there are Errors in the Event Viewer for failure of #0-#7:
6/8/2010 5:40:36 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
Same Error repeats for processor 6,5,4,3,2,1,0.

Use of µTorrent

Hard drive space minimal:
C: is FIXED (NTFS) - 233 GiB total, 90.915 GiB free.
D: is FIXED (NTFS) - 596 GiB total, 14.114 GiB free.


Having unnecessary processes start on boot and run in the background: for example:
Description: Software that automatically updates the firmware on LG optical drives when they are released.
File Location: C:\Program Files\lg_fwupdate\fwupdate.exe
Description: UpdatePSTShortCut: "software\cyberlink\PowerStarter"
"c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe"
RoxMediaDB12
CinemaNow Service
All auto-updates with the exception of the AV program


You are obviously a serious gamer and media user. Not only do you have many games and medias running, but also the associated processes such as the gaming mouse, media players, etc.

It is a fresh install of Windows 7, so I didn't think anything was infected, but the problem has steadily gotten worse.
The first time you connect to the internet makes the system vulnerable. There are some limits on programs that can be run because you have a 64bit OS. But let's try an online AV scan because there is nothing obvious in these logs:
Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

I'd like you to go to this site: http://netsquirrel.com/msconfig/msconfig_win7.html

Follow the steps and screenshots there. Uncheck everything that does not need to start on boot. All of the processes that do start on boot will continue running in the background. After you've been active for a while, the system has gathered temporary internet files and temp files for setups of new installs. Virtually every program that is installed puts itself on the Startup menu. But almost none of them need to be there. The programs or apps can be accessed by a simple click on the Start button.

So run the online scan and leave the log in your next reply.
 
Thanks for the reply! I got msconfig properly set up now. I didn't even think to check that, but a lot of stuff will not be running now. I'm about to run the scan now. I'll post the log as soon as it finishes.

Edit: Hm, it looks like nothing was found. What should I do now?
 
Nothing was found doing what? The Eset scan? Where is the log?

The MalwareBytes did not have any results,
There should still be a log.
You also did not include Malwarebytes in your logs:

There is an entry which is identified by some security sites as malware:
c:\windows\system32\rockers.reg
A search was difficult because it wanted to bring up rocking chairs. Is this a part of your games?

Was slowness the only problem you had? Has that improved since taking some programs off of Startup?
 
The computer will be slow intermittently. Sometimes everything will run just fine and then a minute or two later (with nothing new running) websites will slow to a crawl while loading, sometimes the browser will freeze up temporarily for a few seconds to a minute or more (I'm using Chrome and Firefox). Also, I had a problem loading up Amazon yesterday for a while. Instead of loading Amazon, it would load myspace, which I don't use. So I'm thinking there's some sort of malware or spyware that is causing that. Also, I've attached the MalwareBytes log.

Also, I've noticed an increase in performance now versus a week or two ago. I think removing startup items helped as well. Though I still think there might be something wrong in my system.

I'm not quite sure what rockers.reg is, I can't think of what game it would be. I'll look around and see if I can find any more info on it.

Edit: Oops, I forgot the ESET log. It is now attached as well.
 

Attachments

  • mbam-log-2010-06-08 (05-13-21).txt
    877 bytes · Views: 1
  • log.txt
    1.7 KB · Views: 1
Questions:
1. What happened to these?
Scan 1:
local_time=2010-06-08 02:25:25
found=2
# cleaned=0
D:\Programs\Agogo Video iPod\AgogoVideo2iPod.exe>>> Win32/Adware.RK.AB application
D:\Programs\Nero 9.4.13.2b\Nero-9.4.13.2b_trial.exe>>> Win32/Toolbar.AskSBar application
Scan 2:
local_time=2010-06-08 04:32:18
found=0
# cleaned=0

It is a fresh install of Windows 7, so I didn't think anything was infected,
2. Did you reinstall the OS? Why?
Did you upgrade?
websites will slow to a crawl while loading, sometimes the browser will freeze up temporarily for a few seconds to a minute or more
3. How much RAM do you have?
The speed- or lack of- can also be due to your ISP or the servers on the web pages you are trying to load. IF the system is freezing to the point that you have to reboot, then are able to work for a while, but eventually repeat the process, either you don't have enough RAM or a chip might be bad.

4. Most of the hard drives have media-intensive programs, related apps and hardware. The two hard drives combined have only 12.6% free. You have a lot of 'stuff' on that system. The 'stuff' is mostly media-intensive. A lot appears to be starting on boot and running in the background. As you surf and pick up temporary internet files, the system is going to slow down.

I'm not sure about a redirect. Usually you would get a site for ads, not MySpace.
You are also using uTorrent, a file sharing program. Count on this for some background activity.

You can run Combofix and see if it picks up anything significant:

Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix.

Other than these Adware entries, the symptoms you're describing appear to be more system related than malware related. As I mentioned, you have a lot of media intense entries. If they're running in the background, as you surf and pick up temporary internet files, you are going to start slowing down. I'll check the Combofix report and see if anything needs to be moved.
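
Added example, not part of the original thread or any poster's reply: a short Python sketch that parses the scanner log excerpt quoted in the post above and lists detections that one scan reported, did not clean, and the next scan no longer sees, which is the situation question 1 asks about. The sample input is built from that excerpt, and the rule that a `local_time=` line starts a new scan is an assumption made for this example.

```python
import re

# Sample input: the excerpt quoted in the post above, including the helper's
# "Scan N:" labels (those labels are not part of the scanner's own log format).
SAMPLE_LOG = r"""Scan 1:
local_time=2010-06-08 02:25:25
found=2
# cleaned=0
D:\Programs\Agogo Video iPod\AgogoVideo2iPod.exe>>> Win32/Adware.RK.AB application
D:\Programs\Nero 9.4.13.2b\Nero-9.4.13.2b_trial.exe>>> Win32/Toolbar.AskSBar application
Scan 2:
local_time=2010-06-08 04:32:18
found=0
# cleaned=0
"""

# "key=value" lines, with or without the leading "# " seen on "# cleaned=0".
KEY_VALUE = re.compile(r"^(?:#\s*)?(\w+)=(.*)$")

def parse_scans(text):
    """Split the log into scans; assumes a 'local_time=' line starts a new scan."""
    scans = []
    for line in text.splitlines():
        line = line.strip()
        if ">>>" in line and scans:
            # Detection line: "<path>>>> <detection name>"
            path, _, name = line.partition(">>>")
            scans[-1]["detections"].append((path.strip(), name.strip()))
            continue
        m = KEY_VALUE.match(line)
        if not m:
            continue  # labels such as "Scan 1:" and blank lines
        key, value = m.groups()
        if key == "local_time":
            scans.append({"local_time": value, "detections": []})
        elif scans and key in ("found", "cleaned"):
            scans[-1][key] = int(value)
    return scans

def unexplained(scans):
    """Detections a scan reported but did not clean, absent from the next scan."""
    out = []
    for prev, cur in zip(scans, scans[1:]):
        if prev.get("cleaned", 0) >= len(prev["detections"]):
            continue  # the scanner itself accounts for everything it found
        later = {p for p, _ in cur["detections"]}
        out += [(p, n) for p, n in prev["detections"] if p not in later]
    return out

if __name__ == "__main__":
    for path, name in unexplained(parse_scans(SAMPLE_LOG)):
        print(f"{name}: {path} (not cleaned by the scanner, gone by the next scan)")
```

Anything this lists was removed by something other than the scanner, so the remaining step is to confirm with the user how the files went away.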
 
1) They got deleted and are no longer on my hard drive.

2) This is a fresh install of Windows 7, not an upgrade. I reformat my computer regularly 1-3 times a year, just to have a "clean" install every so often.

3) I have 4gb of RAM.

4) My main drive is about 40% free, which is the drive that has all the installed programs and OS. My second drive (used for storage such as music and programs) is quite full though.

Combofix will not run, saying it is not supported on Windows 7.

I agree that it's probably a media thing and I have noticed a big increase in performance after removing a lot of start-up items. I still get the weird lag, but not nearly as much. I'll free up some more space and see about cleaning up some other things.
 
You must have a 64bit OS. Combofix won't run on the 64bit systems.

I copied the hard drive figures from the log you left. Why don't you get an overwriting program like Eraser? Just uninstalling won't work: I've been using this for years: http://eraser.heidi.ie/

It is also possible that the RAM chip is bad: You might need to run Memtest:
https://www.techspot.com/vb/topic62524.html

I am always amazed at users who do reformat/reinstalls regularly. I've never done one on any of my computers. I'm working on a 5 year old Dell laptop with Windows XP. By using a combination of Housekeeping in The Ultimate Troubleshooter and Eraser, I have 88% free. I have also always done regular maintenance on my systems.
 
Things are running better now after running Eraser and getting rid of some unneeded files/programs. I'm downloading a trial of The Ultimate Troubleshooter to see what it finds and I'll report back. Thanks a bunch for all of your help, I really appreciate it!
 
Check out "Housekeeping" on upper screen of TUT. You can customize what you want it to remove. Be sure to check the part to send to Recycle Bin. Then when through, do right click on Recycle Bin> Erase. I usually recover 55-70MB when I do this. It is an awesome combination!

Here's an example: You can check what you want:
Housekeeping in TUT:
Clr TIF in IE & FF
CLR IE HX
CLR FF HX & add bar
Delete Temp files
Empty RIF folder
Empty DL installs
Empty pre-fetch
Empty temp.
Clr. Doc HX
Clr IE add bar..
Clr sea monkey add bar
Clr Run HX

Usually 50-60MB- depends on how often and how active.

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.

    Creating a Restore Point in Windows 7:
  • Click on Start> right click on Computer> Properties
  • Select System Protection
  • Click on the Create button (near bottom)
  • Type a name for the Restore Point
  • Click on Create again to save the restore point.

    Deleting all but the most recent System Protection point in Windows 7
  • Click Start, type Cleanmgr.exe and press ENTER
  • Select the drive-letter from the list and click OK
  • Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
  • Select the drive-letter from the list and click OK
  • Click the More Options tab
  • Click the Clean up… button under System Restore and Shadow Copies.
  • Click OK.

Empty the Recycle Bin

Let me know if you have any more questions.
 