My computer fan runs loud all the time

[familyfun]

Hello.  I have a problem with my computer fan running loud all the time.  I searched the problem on your site and went through all the malware steps.  First removed 2 programs, wild tangent and the logitech messenger service.  Then removed my spybot program.  I had Symantec but it would no longer update due to an error, so I removed symantec and installed avast.  I went through all the other steps you suggested and now have the log reports for you to check, if you will.  The main problem I've had is a slow, glitchy computer, that the fan runs loud all the time.  If the fan stops running loud, sometimes the computer will just shut off.   The computer also does not want to come out of screen saver / sleep mode, so I changed the settings to be on all the time, ugh.  But the loud fan is the main problem.  Any ideas?  Thanks so much for your help!!

[Saving space, attachment deleted by admin]

[ale52]

Have the fans always been loud / when did it start happening?

Alan <>< 

[familyfun]

it's been loud for several weeks... and when it stops being loud sometimes it will shut off.  (Loud enough that I need to turn it off if I'm not using it...)  any ideas?  I ran all the malware suggestions and there were some things that had to be removed, but I don't think I'm done with that yet (sent the logs already).  But it is still loud.

[harry 48]

the fan noise has nothing to do with the virus forum please ask the question in the hardware forum


but you have a number of issue's in your pc that a malware expert will help you with so please do not do

anything and wait for one to come along

[SuperDave]

Hello familyfun and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Open HijackThis and select Open the Misc Tools section. Select open process manager. select

C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\SHINE.EXE
and click on kill process. To select more than one process, hold down the CTRL key while selecting.
Close HJT

Click Start. My Computer.
Select the Tools menu Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Click Start, Search, select All Files and Folders. Copy and paste

Code: [Select]

C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\SHINE.EXE and click search. Delete these files.
NOTE: You will have to do each file separately

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and logs posted for each one)

* Copy the file path in the below Code box:

Code: [Select]

C:\WINDOWS\pacificService.exe
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=:;gopher=:;http=:;https=:;socks=:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Tiger] C:\WINDOWS\SHINE.EXE RUN
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)
O4 - HKLM\..\Run: [TkBellExe] \"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)
O4 - HKLM\..\Run: [Reminder] \"C:\Windows\Creator\Remind_XP.exe\"
(Description: Subscription reminder to unlock unkimited use for SoftThinks CD Creator CD/DVD rewriting software, usually supplied with HP PC's as a pre-installed package. Unnecessary. Removing this will free up a small amount of system resources. )
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] \"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\"
(Description: Adobe reader startup - unnecessarily uses system resources.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre6\bin\jusched.exe\"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
link #2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

[familyfun]

Thanks so much for your help...  I have started your instructions and am to the part where I need to search for the 2 different files.  I deleted the first fine, but when I tried to delete the shine.exe file, it will not let me delete it.  Error message says access is denied...make sure the disk is not full or currently in use, etc.  The other file of shine. deleted fine.  Any ideas?

[SuperDave]

Just skip it and do the other stuff. We'll get it another way.

[familyfun]

OK, I finished all the steps...  and attached the new logs.  Here is the link for jotti's   http://virusscan.jotti.org/en/scanresult/8d51297fdab5e5a8b5415bd59cf67a2ed95e046c

I also have a new error message which I don't know what it means or if it's important, (sorry for more stuff, but this is why I'm here!!)

ASSERT FAILED\PRojects\wtKernel\src\win32\cm\Core\cmCore\Module.cpp:9om_Codehandle !=NULL

and the application error comes up as this...    ddcmigrate.exe   says it "failed to initialize properly"
(oX80000003)

Thanks for all your help!!!!!!


[Saving space, attachment deleted by admin]

[SuperDave]

Don't worry about that error. I believe it's related to WildTangent which will be removed. There is evidence of Norton Anti-Virus left on your computer. Here's a tool to remove all of it.

Download the Norton Removal Tool (SymNRT) to your desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

* Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
* Once open Click Next
* Accept the license agreement and click Next
* Type in the letters/numbers that you see into the text box then click Next.
* Then click Next and the tool will start running.
* Once finished restart the PC.
* Delete the 'Norton_Removal_Tool' from your desktop.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Folder::
c:\program files\WildTangent

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Tiger"="-


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[familyfun]

OK... I did all the steps and have attached the log report from combofix.  Thanks again and I'll wait for your next instructions!

[Saving space, attachment deleted by admin]

[SuperDave]

I really messed up that script. Let's try that again.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Tiger"=-


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[familyfun]

Ok...I ran the combofix as instructed and attached the log.  (combolog2.txt)  And I not really worried about a messup!  You're still the pro...  Thank you for helping!!

[Saving space, attachment deleted by admin]

[SuperDave]

You're still the pro

If only you knew!! I'll be back as soon as I figure out this log.

[SuperDave]

What does "pacificservice" mean to you? Everything points to this file being infected but I want to make sure before I delete it.

[familyfun]

I have not heard of it before... but if it's bad, it needs to go right?