screen317

Staff
  • Posts

    19,856

Posts posted by screen317

  1. Hi cheriebono,

    pomp asked me to step in while he's at work.

    Please open HijackThis, and select Open the Misc Tools section.

    Select Open Uninstall Manager...

    Select Save list..., and a Notepad document will open. Post the contents of that Notepad document.

    Also, please download HostsXpert.

    • Extract HostsXpert.zip by doing the following:

    • Right-click HostsXpert.zip and select Extract All

  2. the processor always slows down to 800 MHz once it hits 81 C, and I don't know why. It is not meant to do that, to the best of my knowledge, and any way to prevent this would be eagerly welcomed.

    I will be taking the laptop in for a checkup tomorrow, and if nothing turns up then Alienware is going to lose one of its loyal customers...

    I know that AlienWare offers a warranty for x number of years (the number eludes me...), so I would check on that before trashing the machine altogether.

    Also.. 81

  3. Hi ciaotime,

    You're very welcome. ;)

    Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

    1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

    2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

    3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

    4) Be sure to update your Antivirus and Antispyware programs often!

    Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

    Safe surfing,

    -screen317

  4. Hi ciaotime,

    Don't worry, it didn't pick up anything serious. Let's clean it out though.

    Please navigate to Start --> Control Panel and double-click the Java icon (looks like a coffee cup and you may have to select "Switch to Classic View" in the left panel):

    • On the "General" tab, under "Temporary Internet Files", click the "Settings" button.

    • Next, click on the "Delete Files" button

    • There are two options in the window to clear the cache

  5. Hi ciaotime,

    Things are looking good. ;)

    Please open HijackThis, and select Do a system scan only.

    Place a checkmark next to the following entries:

    O24 - Desktop Component 2: Desktop Uninstall - C:\WINDOWS\warnhp.html

    Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

    Delete the following file if present:

    C:\WINDOWS\warnhp.html

    Now, let's check for leftovers.

    Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

    Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

    Click Yes, when prompted to install its ActiveX component.

    (Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

    The program launches and downloads the latest definition files.

    • Once the files are downloaded click on Next
    • Click on Scan Settings and configure as follows:
      • Scan using the following Anti-Virus database:
        • Extended
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK and, under select a target to scan, select My Computer

    When the scan is done, in the Scan is completed window (below), any infection is displayed.

    There is no option to clean/disinfect, however, we need to analyze the information on the report.

    Kas-SaveReport-1.gif

    Kas-Savetxt.gif

    To obtain the report:

    Click on: Save Report As (above - red blinking arrow)

    Next, in the Save as prompt, Save in area, select: Desktop

    In the File name area, use KScan, or something similar

    In Save as type, click the drop arrow and select: Text file [*.txt]

    Then, click: Save

    Please post the Kaspersky Online Scanner Report in your reply.

    Also...

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    Updating Java:

    • Download the latest version of Java Runtime Environment (JRE) 6u4.
    • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • In the pull down menu next to Platform select Windows
    • Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
    • Click Continue
    • Click on the link to download Windows Offline Installation and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.

    Restart your computer, and post a fresh HijackThis log.

    -screen317

  6. Hi ciaotime,

    Please print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    First, please open HijackThis, and select Do a system scan only.

    Place a checkmark next to the following entries:

    O21 - SSODL: bqxomdo - {9C493450-116A-45A8-8DE0-B8DF7C892629} - C:\WINDOWS\bqxomdo.dll (file missing)

    O21 - SSODL: aswmklt - {6C0C0836-3822-45C1-AD24-A205CA71617F} - C:\WINDOWS\aswmklt.dll

    Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

    Next, reboot your computer in Safe Mode by doing the following:

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.

    Once in Safe Mode, please delete the following file:

    C:\WINDOWS\aswmklt.dll

    Next, while still in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.

    -screen317

  7. Hi ciaotime,

    Please download SmitfraudFix (by S!Ri)

    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd

    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    http://www.beyondlogic.org/consulting/proc...processutil.htm

    -screen317

  8. Hi Kez, and welcome to MalwareBytes. ;)

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.

    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

    -screen317

  9. Hi heliopath121, and welcome to MalwareBytes,

    Unfortunately, I don't see any malware in your logs. (LuCallBackProxy is a Symantec component)

    Let's see if we can find the cause of your gaming problems.

    First, I see you have Viewpoint installed...

    Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

    • Viewpoint
    • Viewpoint Manager
    • Viewpoint Media Player

    Next, please open HijackThis, and select Do a system scan only.

    Place a checkmark next to the following entries (if present):

    O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

    Now, delete the following folder (if present):

    C:\Program Files\Viewpoint\

    Restart your computer.

    Next, please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me.

    -screen317

  10. Hi Aud300,

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    Updating Java:

    • Download the latest version of Java Runtime Environment (JRE) 6u4.
    • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • In the pull down menu next to Platform select Windows
    • Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
    • Click Continue
    • Click on the link to download Windows Offline Installation and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.

    Restart your computer, and post a fresh HijackThis log afterwards.

    -screen317

  11. Double click OTMoveIt.exe.

    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

    Besides that, looks like you're good to go. ;)

    Please take the following steps to help prevent infection in the future.

    1) Download and install Spybot-Search & Destroy, which has great features (specifically Immunization and TeaTimer) that help prevent malware from getting on your computer. Also a great scanner for weekly checks of the health of your system.

    2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

    3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

    4) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

    5) Be sure to update your Antivirus and Antispyware programs often!

    Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

    Safe surfing,

    -screen317

  12. Okay, thanks for the information. ;)

    Please download OTMoveIt by OldTimer.

    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file path below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
      C:\WINDOWS\system32\kbhookdll.dll
    • Return to OTMoveIt, right click on the "Paste Standard List Of Files/Folders to move" window and choose Paste.
    • Click the red Moveit! button.
    • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
    • Open Notepad and paste the text into a new file.
    • Save the file to the desktop as OTMoveIt.txt and post it in your next reply.
    • Close OTMoveIt

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    -screen317

  13. Hi Audric, and welcome to MalwareBytes. ;)

    I see no immediate signs of infection in your log; looks like AVG took care of it.

    We can take a look though, just in case.

    First, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

    Netpumper

    Bitgrabber

    BitRoll

    CiD Help

    CiD Manager (or anything with CiD in the name)

    Download Plugin for Internet Explorer

    Zone Media

    Next, please download NoLop to your desktop from one of the links below...

    Link 1

    Link 2

    Link 3

    • First close any other programs you have running as this will require a reboot.
    • Double click NoLop.exe to run it.
    • Now click the button labelled "Search and Destroy".
      <<your computer will now be scanned for infected files>>
    • When scanning is finished, you will be prompted to reboot only if infected; click OK.
    • Now click the "REBOOT" Button.
    • A Message should popup from NoLop. If not, double click the program again and it will finish.

    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--

    Please post the contents of C:\NoLop.log along with a fresh log from HijackThis. Please let me know if you had any problems during the fix.

    -screen317
