[Essexboy]

My general assessment is that this is not malware related, so let check out your system next

Download Speedfan select the direct download link and install it. Once it's installed, run the program and post here the information it shows. The information I want you to post is the stuff that is circled in the example picture I have attached.
If you are running on a vista machine, please go to where you installed the program and run the program as administrator.


(this is a screenshot from a vista machine)

[Advertisements]

I downloaded SpeedFan, but when i tried to execute on Step 3 of 4, "Your Software is downloading..." i get a message:  "1.  You may need to fix Windows errors  2. Scan now to diagnose errors  Click here to start", and when i do, i get an Internet Explorer pop-up window for http://www.reimagepl...t&klc=481018558, for Windows Vista Repair.  Wasn't sure if that was expected - seems fishy.

 

And another FYI, when i saw the application name "SpeedFan", it made me wonder again if this is just a hardware failure on my machine, as we replaced the fan 2 years ago, as it was part of a known defect for this particular HP laptop model.

[dogstar21]

I downloaded SpeedFan, but when i tried to execute on Step 3 of 4, "Your Software is downloading..." i get a message:  "1.  You may need to fix Windows errors  2. Scan now to diagnose errors  Click here to start", and when i do, i get an Internet Explorer pop-up window for http://www.reimagepl...t&klc=481018558, for Windows Vista Repair.  Wasn't sure if that was expected - seems fishy.

 

And another FYI, when i saw the application name "SpeedFan", it made me wonder again if this is just a hardware failure on my machine, as we replaced the fan 2 years ago, as it was part of a known defect for this particular HP laptop model.

[Essexboy]

OK I am going to stop using filehippo now if it is adding adware to its downloads

Delete the downloaded copy that you have and download a clean version from here http://www.majorgeek...s/speedfan.html
Using one of these download links

Then could you run AdwCleaner (an updated copy)

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Then run a fresh FRST scan please. My apologies for that

[dogstar21]

I'm running AdwareCleaner now.  FYI, when i opened Firefox, i got a redirect to (http://vosteran.com/...=1059228288&ir= )  also, when i tried to download SpeedFan from MajorGeeks, i got re-directed to that re-image page from before.

[dogstar21]

Here's the content of C:\AdwCleaner[S1].txt:

----------------------------------------------------

# AdwCleaner v4.102 - Report created 29/11/2014 at 17:37:22
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Pete - PETE-PC
# Running from : C:\Users\Pete\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Pete\AppData\Local\WSE_Vosteran
[!] Folder Deleted : C:\Users\Pete\AppData\Roaming\WSE_Vosteran
File Deleted : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\user.js
File Deleted : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\searchplugins\Vosteran.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\WSE_Vosteran

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[4z05qces.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Vosteran");
[4z05qces.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[4z05qces.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_aw_14_48_other&cd=2XzuyEtN2Y1L1QzutDtDtByEyB0Ezz0AtDyEtBzzyEyD0CtAtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0R1V1B[...]
[4z05qces.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_aw_14_48_other&cd=2XzuyEtN2Y1L1QzutDtDtByEyB0Ezz0AtDyEtBzzyEyD0CtAtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0R[...]
[4z05qces.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_aw_14_48_other&cd=2XzuyEtN2Y1L1QzutDtDtByEyB0Ezz0AtDyEtBzzyEyD0CtAtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E[...]
[4z05qces.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[4z05qces.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[4z05qces.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_aw_14_48_other&cd=2XzuyEtN2Y1L1QzutDtDtByEyB0Ezz0AtDyEtBzzyEyD0CtAtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V[...]

-\\ Google Chrome v39.0.2171.71

[C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_aw_14_48_other&cd=2XzuyEtN2Y1L1QzutDtDtByEyB0Ezz0AtDyEtBzzyEyD0CtAtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0R1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyE0C0BtDyCyEyCtGyCtB0DyBtG0FyD0A0AtGtDtBtByDtGyEyC0FzytB0F0AyEtDzytB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzyBzy0A0DyC0BtG0B0A0AtBtGyEyE0C0CtG0BtDtBzytGyC0A0EtAyBtCyBzyzytBzztC2Q&cr=1059228288&ir=
[C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_aw_14_48_other&cd=2XzuyEtN2Y1L1QzutDtDtByEyB0Ezz0AtDyEtBzzyEyD0CtAtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0R1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyE0C0BtDyCyEyCtGyCtB0DyBtG0FyD0A0AtGtDtBtByDtGyEyC0FzytB0F0AyEtDzytB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzyBzy0A0DyC0BtG0B0A0AtBtGyEyE0C0CtG0BtDtBzytGyC0A0EtAyBtCyBzyzytBzztC2Q&cr=1059228288&ir=

*************************

AdwCleaner[R0].txt - [2141 octets] - [17/03/2014 22:45:45]
AdwCleaner[R1].txt - [4420 octets] - [29/11/2014 17:34:49]
AdwCleaner[S0].txt - [2211 octets] - [17/03/2014 22:46:41]
AdwCleaner[S1].txt - [3878 octets] - [29/11/2014 17:37:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3938 octets] ##########
----------------------------------------

 

After reboot, firefox went to the Firefox home page.  Firefox has been hanging a bunch, but was doing so at times with the CPU spikes/performance issue, so not necessarily new.  I've downloaded SpeedFan from MajorGeeks and will run it now.  Hoping it's a clean version of the software (file had the same name as the one from FileHippo).

[dogstar21]

Installed SpeedFan (looks like it was a clean download this time).  I ran as administrator since i'm on a Vista machine, but it's not showing me the Fan information on the left (under CPU Usage), nor does it have the Speed01-Speed03 readings or the stuff at the bottom (Vcore1, Vcore2, etc).

 

Here is the information from the box on the right:

HD0: 44C (check)

Temp1: 63C (fire symbol)

Core 0: 51C (fire symbol)

Core 1: 52C (fire symbol)

 

I'll get a fresh Farbar scan.

[dogstar21]

Here are the results of the last FRST scan.

Attached Files

•  FRST.txt   40.13KB   126 downloads

[Essexboy]

Once again sorry for these extra steps

OK your temperatures are high, this can cause the spikes and problems you are experiencing

So time to see if there are some dust bunnies to evict

There is a small guide here which will walk you through the steps, but the main thing is to ensure that all vents are clean

http://gizmodo.com/1...pc-dust-bunnies

Have a bash at that and let me know if there is an improvement

[dogstar21]

I plan to take apart my laptop and give it a cleaning.  Thanks for your help.

Edited by dogstar21, 01 December 2014 - 01:54 PM.

[Essexboy]

Let me know if there is an improvement once done

[dogstar21]

I uninstalled Avira (it was always running, couldn't be stopped through Windows Task Manager (i got "Access is denied"), didn't have an Exit to close the application.  I uninstalled through Control Panel -->  Add/Remove Programs.

 

I then wanted to uinistall Yahoo! toolbar.  When i tried to do that, i got a process called "Au.exe*32 that started, witha a description called Yahoo! Toolbar Unistall Setup.  It's been running for about 20 minutes now taking up 50% of the CPU.  it doesn't seem to be resolving any time soon.  I think i'm going to kill the uninstall for now, as it doesn't appear to be working.  I never consciously installed the Yahoo Toolbar (i avoid Toolbar's in general).  Wondering if this is some disguised malware.  I found other online instances of users reporting this problem; the only resolution i saw was someone on BleepingComputer recommending Revo Uninstaller.

 

I also noticed that GoogleUpdater.exe seems to kick off when i start up.  Not sure if i saw this before the SpeedFan adware issue.

 

There doesn't seem to be a performance change with the removal of Avira.  I definitely think the primary issue is related to the fan/cooling of the computer, but want to make sure it's not something else as well.

[Essexboy]

In my opinion toolbars are a waste of space. Are you going to re-install Avira afterwards or do you need links to other free AV solutions ?

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.