Processor jams

Discussion in 'Malware Help (A Specialist Will Reply)' started by oledave7, May 20, 2005.

  1. oledave7

    oledave7 Private E-2

    Hi. I'm using a Toshiba Satellite A75 running Windows XP. The problem is that the processor will occassionally jam up with running processes, slow to a crawl, lock up, and/or programs or windows will change randomly. Because of the dust problems here in Baghdad, the laptop overheats and shuts down when the processes run too long. Many times I had to turn off the computer without shutting down when it locks up.

    We have three Iraqi IT guys who have all tired to fix it. They haven't been able to. They ran Webroot and Windows Mechanic programs and deleted a few "backdoors." They used a can of compressed air and blew quite a bit of dust out of the fan channels, so now it overheats slower than before.

    So I registered, read, and followed-in-detail, all of the instructions in Major Attitude's closed post describing what to do before seeking advice on this forum. I installed Ad-awareSE, AD-aware VX2, CCleaner, Spybot, SpywareBlaster, McAfee AVERT Stinger, CWShredder, Kill2me, about:Buster, HSRemove and ran them all. That helped some, but it's still happening, just less frequently.

    I booted in Safe Mode and tried to run Trend Micro's online scan with Java and Symatec's Security Check but I could not get either one of them to run. Tried it in Normal Mode and couldn't get it to run. It may be that the internet is so slow here that those sites time out before completing the scan.

    Still, the computer occassionally slows way down, locks up, or overheats before I can properly shut it down. I ran Hijack and took a look at the results myself and - just a gut feeling - there's too much junk in there. But I didn't delete anything.

    So that's it. Any help would be greatly appreciated.

    oledave7
     
    oledave7, May 20, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like some of your issues are really hardware related but let's see if we can find any malware at work. Please follow the steps below:


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
    chaslang, May 21, 2005
    #2
  3. oledave7

    oledave7 Private E-2

    Thanks for looking at this for me. Hijack this log attached.
     

    Attached Files:

    oledave7, May 23, 2005
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should uninstall WeatherBug if still installed. I would also dump this Logitech Desktop Messenger program as it seems to be screwing up many PCs.


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O18 - Protocol: bw+0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {6E68C15E-CC37-4307-A281-A36922C23BF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.

    Now reboot your PC.
    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
    chaslang, May 23, 2005
    #4
  5. oledave7

    oledave7 Private E-2

    Thank you for this help. Did precisely what you suggested. New logfile attached. Computer definitely running faster. Not overheated unless I leave it on for a long time.
     

    Attached Files:

    oledave7, May 24, 2005
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, May 24, 2005
    #6
  7. oledave7

    oledave7 Private E-2

    Thank you again. I ran the optional updates - b/c, why not? I don't understand it, but the computer is going much faster now. Thanks for your help.
     
    oledave7, May 25, 2005
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
    chaslang, May 26, 2005
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds