Solved How to Resolve Virus using 100% CPUs In Vista-32 bit

Status
Not open for further replies.
Please read through the Norton information I left. This is a new feature from Norton and many users are complaining about it! Isn't it remotely possible that there was an update from Norton with this around the same time you were in the hotel? You should at least change the Performance setting to High.

I am not big on coincidences. But because of what I read on 3 Norton forum, I think this time it should be considered.

Please tell me how much RAM you have installed. And I would like you to open the TaskManager when the CPU is high and see how much memory that process with the high CPU is using at that time.

I will review the Combofix log again and I'd like you to run HijackThis so I can see if there are any bad entries:

Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Summary:
1. Reset the Norton Performance Alert to High.
2. Check for the installed RAM
3. Run scan with HJT
 
HiJack Log and Comment

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:46:54 PM, on 1/20/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Carrie\Desktop\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"
O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PxDotNetLoader] "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe /H
O4 - HKUS\S-1-5-18\..\Run: [PxDotNetLoader] "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PxDotNetLoader] "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\Windows\system32\dldocoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12376 bytes


I did read the Norton Virus info you sent. I had it set to medium and changed it to high as you suggested to run the "hijack log." I didn't have this version of Norton Antivirus installed when my problem first started. I had the 2010 version but it expired about a month ago so I had to purchase a new version. Thus, I don't think it has impacted the high CPU usage as that existed before and after I installed the 2011 version.

I have 2 GB of memory. Recently I was notified that svchost.exe was using high CPU with the following message, "svchost.exe--at least 42% of one CPU is being used." Never do I have any process using more than 50% but it gets very close. The memory was not affected when I received this notification and listed as "normal." That's generally what happens.

Perhaps the hijack log or most recent combofix log provides some additional insight?

As always, thanks for all your help and hanging in here with me still =)

Cashcab
 
In an effort to help you better evaluate the CPU usage, I have prepared the following for you. It is in 4 steps: Directions will be given for each step. When completed, boot back into Normal Mode. Assess the CPU usage.
It would be very helpful to you to print out the following HJT log instructions as you will need it for the following steps:
Step 1:
Check the running entry in the Hijack log.
=============================================
Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe>
C:\Program Files\iTunes\iTunesHelper.exe> updater
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"
O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\Windows\system32\dldocoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Close all Windows exceot HijackThis and click on "Fix Checked."
=========================================
Please go right on to Step 2,3 & 4 in the next reply.
 
Continued>
Step 2:
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press Enter
Note: Processes for any of the programs and apps that you checked in the HJT log can be unchecked on the Startup menu:

Step 3:
To remove the corresponding entries from Startup using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
  • Click on Selective Startup
  • Choose the Startup tab:
    This is where you UNCHECK the Startup items. This does not remove the item or uninstall anything> it just stops it from starting on boot. It can be rechecked at any time if wanted.
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Click on Apply> OK when finished.

NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.'
Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changed. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.

Step 4
Change the corresponding Services Startup type to Manual:
Click on Start> Run> type in services.msc> enter> double click on each of the following Services and set the Startup type to Manual: (if you need reference, these services are the 023 entries in the HJT log:)
Bonjour Service (the entry on the Startup menu for this is DNSResponder.exe for Step 2)
dldoCATSCustConnectService
dldo_device
GoToAssist (this is for remote help at Ctrix. You may have used it at one time. If you are not currently using this, the Service can be Stopped and set to Disabled)
Google Update Service (gupdate)
Google Software Updater (gusvc)
iPod Service
stllssvr
Exit Services
NOTE: If you are not using any of the above programs or apps, use Add/Remove Programs to uninstall them while you are still in Safe Mode.

Reboot into Normal Mode
Check CPU usage.

Edit: Forgot this:
To disable Java Plug-in 2 SSV, click Tools drop down box (or press ALT+T keyboard shortcut), click Manage Add-ons, select / highlight “Java Plug-in 2 SSV Helper” and click Disable button (or right-click the Java plug-in and click “Disable” from the context menu).

If the Java plugin is not shown in the Manage Add-ons window, try to select “All add-ons” of Show option list box (on left-pane of Manage Add-ons window).
 
Bobbye,

I executed the 4 steps outlined. Unfortuntely, it did not resolve the issue. It actually made it worse because there was still 100% CPU usage and internet explore and outlook took forever to open (over 5 minutes) and when it did open it was minimized and extremely slow. Therefore, I attempted to reverse all the steps. I believe I did this however I now have some type of error which won't allow me to use my computer outside of safemode. Here is the error message in its entirety.

RegSrv32
To register a module, you must provide a binary name

Usage: regsrv32 [/u][/s][/n][/i]:cmdline]]dllnme/u-unregister server
/s-silent;display no message boxes
/i-cll dllInstll passing it an optional [cmdline];
when used w/u calls dll uninstll
/n-do not cll DllRegisterServer; this option must be used with/i

Do you know how I can fix this please.

Thanks much,

Cash Cab
 
Ignore regsvr3 message

Bobbye,

I restored my system to an earlier point and the REGSVR3 Message is now gone. I'm back to my slow system but at least it works. Perhaps we can't go any further since it seems that nothing we've tried as really reduced the CPU usage? What are your thoughts?

Thanks,

CashCab
 
RegSrv32 Error

Apparently the RegSvr32 server was not resolved when I restored my system to an earlier point. This morning when I logged on it came up again. I looked up how to fix it on the internet but would prefer if you could tell me the most preferred way to fix as there seems to be many options and many cautions.

Thanks much,

Cashcab
 
Okay- it is obvious to me that you have system problems, not malware. You probably really caused problems trying to "reverse" whatever you did! You cannot go back and forth- doing and undoing! Every time you do, it changes the system.

I will offer on more suggestion:
Open Norton> Disable or uninstall the Performance monitor.
See if that stops the alerts. You have not given any indication of problems these alerts are causing except an annoyance to you.

I have a high CPU usage issue that I can't resolve. None of the processes show greater than 50% CPU usage but the total is almost always 100% even when just launching. Processes using high CPUs change regularly[-that's normal.
It seems like a virus/bug-it isn't. You "assumed" it was a virus because the alert came from Norton. but I can't locate it.
Computer is slower than slow- The system is slow because there are too many processes starting on boot and running in the background. but can't resolve issue.
It appears this happened when using wi-fi on unsecured line -if this was the cause of something so dramatic, the system would be full of malware and bad entries- it isn't!at hotel (unless it was coincidence)..
Click to expand...

And I wasn't aware of a regserv problem you apparently created that when you try to reverse whatever you did.

Recommend you reformat/reinstall. Put only the AV program, 3rd party firewall is you have one, touchpad if laptop and possibly network service>>>> nothing else.

If this is a work computer, perhaps you IT person can give assistance.

I have never been a Norton fan. This is just one more reason why.

You will find excellent reformat/reinstall instructions here:
http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html
 
Status
Not open for further replies.

Similar threads

midian182
Recent high-end Intel CPUs are crashing Unreal Engine games
Replies
24
Views
573
GrumpyOldGamer
G
Daniel Sims
HaLow Wi-Fi standard achieves 1.8-mile range in field test
Replies
7
Views
308
Bamda
Bamda
Daniel Sims
Ford owners using Sync 3 infotainment should turn off Wi-Fi
Replies
4
Views
461
Greg Powell
G

Latest posts

Back