
Sounds like rootkit issue here I think...


  • This topic is locked
10 replies to this topic

#1 t-burg

t-burg

  • Members
  • 24 posts

Posted 19 October 2009 - 10:22 AM

First post, thanks for being here. Frustrated for 2 days trying to get rid of this. Sounds like many others are too! From what I've read on this forum for the last few hours I believe I've been nailed by a "rootkit"...? Details: This started a couple of days back after a LimeWire download; I've dumped that crap since.
I have a desktop with Windows Vista Home Premium. My AV is McAfee. I have run Malwarebytes several times in the last couple of days and it keeps finding 4 Trojans. Somewhere here I found the link to run RootRepeal. I've followed those directions and will paste results below. A bit more info - Symptoms: the two main issues are continuous pages popping up when I click on a link (your computer has major infection!!, etc). I can close them right away, MOST of the time, but when I click another link, another one of these pages comes up. Also, once in a while, I get a Run DLL error box - "Error Loading C:\users\terry\appdata\local\temp\8cc4.tmp. The specified module could not be found." If you need more details, such as the exact detail of the 4 trojans, etc please let me know. Here's the rootrepeal results (and thanks in advance for any help!):
ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/10/19 09:38
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D200000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D3EF000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA4F17000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1176 Status: Locked to the Windows API!

==EOF==

Edited by t-burg, 19 October 2009 - 10:28 AM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,595 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 19 October 2009 - 11:27 AM

Please post the results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 t-burg


Posted 19 October 2009 - 11:33 AM

Ok. I also noticed there are 2 more steps to what I originally posted. Here are the results from those as well as malware log. Thanks!
step two of original:

Running from: C:\Users\Terry\Desktop\Win32kDiag.exe

Log file at : C:\Users\Terry\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Step 3:

Volume in drive C has no label.
Volume Serial Number is 365F-0FF8

Directory of C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

04/11/2009 01:28 AM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

04/11/2009 01:28 AM 592,896 netlogon.dll
1 File(s) 592,896 bytes

Directory of C:\Windows\System32

01/19/2008 02:36 AM 177,152 scecli.dll

Directory of C:\Windows\System32

01/19/2008 02:35 AM 592,384 netlogon.dll
2 File(s) 769,536 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e

11/02/2006 04:46 AM 176,640 scecli.dll
1 File(s) 176,640 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

01/19/2008 02:36 AM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783

11/02/2006 04:46 AM 559,616 netlogon.dll
1 File(s) 559,616 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

01/19/2008 02:35 AM 592,384 netlogon.dll
1 File(s) 592,384 bytes

Total Files Listed:
8 File(s) 3,045,376 bytes
0 Dir(s) 244,017,356,800 bytes free

And, Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2971
Windows 6.0.6001 Service Pack 1

10/19/2009 8:35:38 AM
mbam-log-2009-10-19 (08-35-38).txt

Scan type: Quick Scan
Objects scanned: 90564
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\dot3api32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.

Also, I just noticed it says Windows Service Pack 1. I think I had service pack 2... where'd that go?

Edited by t-burg, 19 October 2009 - 11:36 AM.


#4 quietman7


Posted 19 October 2009 - 11:41 AM

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode or complete a scan, then try doing it in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.WebCureIt so you can provide that information.

Now rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

The database in your previous log shows 2971. Last I checked it was 2987.

If you cannot update through the program's interface and have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, be aware that mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating, is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware


#5 t-burg


Posted 20 October 2009 - 09:48 AM

Ok, I've carefully followed these directions for TFC, Dr. Web CureIt and Malwarebytes. Safe Mode worked fine. Approximately 12 hours of cleaning and scans, for general info purposes. When I just got online, first time since finishing these last night, still having the pop-up issues. Here are the two logs requested. Thanks again:

Dr. Web log:
hitin[1].htm\Script.0;C:\Documents and Settings\Terry\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\25GKQBB1\;Trojan.DownLoad.46365;;
hitin[1].htm;C:\Documents and Settings\Terry\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\25GKQBB1;Container contains infected objects;Moved.;
hitin[1].htm\Script.0;C:\Documents and Settings\Terry\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRSQUWH9\;Trojan.DownLoad.46365;;
hitin[1].htm;C:\Documents and Settings\Terry\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRSQUWH9;Container contains infected objects;Moved.;
balistic pintos.au;C:\Documents and Settings\Terry\Desktop\Left side desk top\music;Trojan.WMALoader;Cured.;
cky sporadic movement live in paris rare record.au;C:\Documents and Settings\Terry\Desktop\Left side desk top\music;Trojan.WMALoader;Cured.;
daz retaliation full.wma;C:\Documents and Settings\Terry\Desktop\Left side desk top\music;Trojan.WMALoader;Cured.;
green day 21st century.mp3;C:\Documents and Settings\Terry\Desktop\Left side desk top\music;Trojan.WMALoader;Cured.;
hitin[10.htm\Script.0;C:\Documents and Settings\Terry\DoctorWeb\Quarantine\hitin[10.htm;Trojan.DownLoad.46365;;
hitin[10.htm;C:\Documents and Settings\Terry\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
hitin[1].htm\Script.0;C:\Documents and Settings\Terry\DoctorWeb\Quarantine\hitin[1].htm;Trojan.DownLoad.46365;;
hitin[1].htm;C:\Documents and Settings\Terry\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
npCouponPrinter.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Coupons.34;Incurable.Moved.;
CouponPrinter.ocx;C:\Windows;Adware.Coupons.34;Incurable.Moved.;

mbam log:
Malwarebytes' Anti-Malware 1.41
Database version: 2993
Windows 6.0.6001 Service Pack 1

10/20/2009 12:23:05 AM
mbam-log-2009-10-20 (00-23-05).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 343715
Time elapsed: 2 hour(s), 14 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\dnsapi32.dll (Trojan.Dropper) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\dnsapi32.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\EncDump32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\dmstyle32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\eapp3hst32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

Edited by t-burg, 20 October 2009 - 09:51 AM.


#6 quietman7


Posted 20 October 2009 - 09:55 AM

Your Malwarebytes Anti-Malware log indicates some files will be deleted on reboot. If MBAM encounters a file that is difficult to remove, you need to restart the computer so the malware can be fully removed. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. If you have not rebooted, make sure you do this. When done, rescan again with MBAM (Quick Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning. Then click the Logs tab and copy/paste the contents of the new report in your next reply. If you did reboot, then rescan again anyway and post a new log.

#7 t-burg


Posted 20 October 2009 - 10:16 AM

Wow, this is one nasty, stubborn sucker, yes?? Ok, yesterday I did follow everything to the letter and all reboots were done when called for. I just did a mbam update, quick scan and reboot. Here's the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2998
Windows 6.0.6001 Service Pack 1

10/20/2009 10:08:19 AM
mbam-log-2009-10-20 (10-08-19).txt

Scan type: Quick Scan
Objects scanned: 88541
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\gcdef32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\gcdef32.dll (Trojan.BHO.H) -> Delete on reboot.

#8 quietman7


Posted 20 October 2009 - 10:23 AM

Some infections are difficult to remove completely because of their morphing characteristics which allow the malware to regenerate itself. Sometimes there is a hidden piece of malware (i.e. rootkit) which has not been detected by your security tools that protects malicious files and registry keys so they cannot be permanently deleted. Other rootkits can even terminate your security tools by changing the permissions on targeted programs so that they cannot run or complete scans. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS/HijackThis log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
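The regeneration described in post #8 can be checked against the three MBAM logs posted earlier in this thread by looking for objects that a later scan reports again after an earlier scan logged them as deleted. The following is an added example, not part of the original posts and not code from MBAM or any tool named here; it assumes the MBAM 1.41 text layout shown in those logs, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Abridged from the three MBAM 1.41 logs posted in this thread, oldest first;
# summary counts and most empty sections are left out.
# Function names below are illustrative and not part of MBAM.
SCAN_1 = r"""Database version: 2971
Registry Keys Infected: 3
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\dot3api32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
"""
SCAN_2 = r"""Database version: 2993
Memory Modules Infected:
C:\Windows\System32\dnsapi32.dll (Trojan.Dropper) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.Dropper) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\dnsapi32.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\EncDump32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\dmstyle32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\eapp3hst32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
"""
SCAN_3 = r"""Database version: 2998
Memory Modules Infected:
C:\Windows\System32\gcdef32.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01784810-7531-42b1-b905-be0eda1196d7} (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\gcdef32.dll (Trojan.BHO.H) -> Delete on reboot.
"""

SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")          # "Files Infected:" but not "Files Infected: 1"
ITEM = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")     # object (detection) -> action.

def parse_mbam_log(text):
    """Return the database version and every item line, tagged with its section."""
    log = {"database": int(re.search(r"Database version: (\d+)", text).group(1)), "items": []}
    section = None
    for line in map(str.strip, text.splitlines()):
        if SECTION.match(line):
            section = line[:-1]
        elif section and (m := ITEM.match(line)):
            keys = ("object", "detection", "action")
            log["items"].append({"section": section, **dict(zip(keys, m.groups()))})
    return log

def recurring_after_removal(logs):
    """Map objects reported again after a scan logged them as deleted to the scans involved."""
    removed = {}    # lower-cased object -> database version of the scan that logged the removal
    recurring = {}  # object -> database versions of every scan that reported it
    for log in logs:  # caller passes scans oldest first
        reported = {it["object"].lower(): it for it in log["items"]}
        for key, it in reported.items():
            if key in removed:
                recurring.setdefault(it["object"], [removed[key]]).append(log["database"])
        for key, it in reported.items():
            if "deleted successfully" in it["action"]:
                removed.setdefault(key, log["database"])
    return recurring

def single_scan_files(logs):
    """File names listed under 'Files Infected' in exactly one scan."""
    seen = defaultdict(set)
    for log in logs:
        for it in log["items"]:
            if it["section"] == "Files Infected":
                seen[it["object"].rsplit("\\", 1)[-1]].add(log["database"])
    return sorted((n for n, dbs in seen.items() if len(dbs) == 1), key=str.lower)

LOGS = [parse_mbam_log(s) for s in (SCAN_1, SCAN_2, SCAN_3)]

if __name__ == "__main__":
    print(recurring_after_removal(LOGS), single_scan_files(LOGS))
```

On these logs the three registry keys carrying the same CLSID come back in every scan after being logged as deleted, while each DLL name is reported in only one scan.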

#9 t-burg


Posted 22 October 2009 - 08:04 PM

Ok, I wasn't sure whether to start a new post or not, but thought this was the best way to keep all relevant info together. UPDATE: I was getting ready to perform the steps in the last post when my computer totally Locked Up. I could not get it to close anything or even show the pointer!! I tried ctrl/alt/del to close a page and a program, Nothing. And the fan started running very fast and loud. I then did the last resort and pressed the power button for a few seconds til it shut down. I let it sit overnight, tried to fire it up yesterday morn and still no screen, nothing but the loud fan. Oh, and the blue power button, that does come on, but nothing else happens. I'm assuming this is associated with this mess I've been dealing with here?? Seems to be Overheating?? I considered changing thermal paste (I do xbox 360's) but wanted to borrow this laptop and ask the experts before I did Anything. I did a backup but only of the files I wanted to save, no system info etc. I hope there's something that can be done? Thank You!

Edited by t-burg, 22 October 2009 - 10:04 PM.


#10 quietman7


Posted 22 October 2009 - 10:05 PM

Crashes (BSOD), unexpected shutdowns, sudden freezing, random restarting, and booting problems could be symptomatic of a variety of things to include hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and even malware. If the computer is overheating, it usually begins to shutdown/restart on a more regular basis. Troubleshooting for these kinds of issues can be arduous and time consuming. There are no shortcuts.

Note: Some video cards can generate such intense heat while playing games with high quality graphics that they require a separate cooling system. If the fan fails after wear and tear with age, the video processor will not be far behind and your system may start crashing. If the video card needs replacing, see "Illustrated How to Replace an AGP Video Card".

When was the last time you cleaned the inside of your computer? Dust restricts the airflow and prevents proper cooling. This in turn can cause overheating and faulty processor fans which can result in unexpected shutdowns, random restarts, booting problems, etc. If you use a notebook, they get dirty too and need to be cleaned.
  • Clean out the vents on the computer with a can of compressed air to ensure that they are not clogged with dust.
  • Unplug the computer, open the case and clean out any dust and debris you find inside. Be careful not to aim the compressed air directly at the circuit board or electronic components.
  • Check all the electrical connections and make sure the fans are all operational.
  • Remove the cards and RAM modules, clean the contacts and reseat them.
  • Check the heat sink on the processor to ensure it is not blocked with dust or debris.
  • Remove the CPU's cooling unit and clean the fins on the heat sink that sits under the CPU with a can of compressed air.
  • Feel the CPU heatsink when it powers down. It should be warm to very warm but not hot.
  • Inspect the thermal compound between the CPU and heat sink as it can deteriorate over time. You may need to remove it, scrape away the old thermal gel that makes contact with the processor, then apply a very thin coat of fresh thermal gel on the surface and fit the heat sink back in place again.
  • Monitor the temperature of your CPU, motherboard, hard disks, voltages, and fan speeds.
How to Clean a Computer Tutorials with Screenshots:

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 24 October 2009 - 06:54 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/266692/malware-problem-rootkit/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



