High CPU Usage/Mouse Freezing

Status
Not open for further replies.

grannyboy

Hi All

Please can anyone help!!!

I have an HP Pavilion laptop, 14 mths old, dv5000, with an AMD Turion Proc 64 mobile tech ML37. It has a Synaptics PS/2 port touchpad mouse.

The problem started with the left mouse button freezing up and not selecting items correctly, i.e. dragging all cells on an Excel spreadsheet and not deselecting tabs in Firefox. Now the CPU usage has gone through the roof, i.e. Firefox 100%, Excel spreadsheets 100%. I have reconfigured the mouse so it's now a left-handed mouse, i.e. I use the right button, which seems to help, but the CPU usage is still on max most of the time. I have uninstalled Norton to see if this would help but to no avail. I have used Adware and Spyware etc. to no avail.

Please Help I am at my wits end!!

Regards

Stu
 
I can't see anything particularly nasty in your HJT log. However, it appears you're running two antivirus programmes. This is not recommended, will slow your system down and can cause serious conflicts.

Read this post HERE and follow the instructions for removing Symantec/Norton.

Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :)

This thread is for the use of grannyboy only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Virus problems.

Hi Howard

I followed all your great instructions and these are the logs that I was left with.

Kind regards

Stuart
 
Hi,

May I help you out with your problems?
You are running an outdated version of HijackThis.

Please go to this thread HERE.

I also noticed that your AVG log displays 'No Action Taken' for all the files detected.

I suggest you run AVG again and quarantine the files. Pictorial instructions HERE.

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Go to Start > Control Panel > Add and Remove Programs. Remove anything related to RegCure as it is a rogue software that installs adware on your system.

Open your task manager by holding Ctrl and Alt and pressing Del. Alternatively, use Ctrl + Shift + Esc. Go to the processes tab, and end the following processes, if found:

GPinstall.exe

After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O4 - Global Startup: VersionTracker Pro.lnk = ?

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

Close HJT.

Navigate in Windows Explorer and delete the following files and folders in bold.

C:\WINDOWS\GPInstall.exe
C:\Program Files\RegCure

Reboot into normal mode and rehide your protected OS files.

Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


Regards,
Your friendly Momok =)
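
As an added example (not part of the original post and not code from HijackThis): a short Python parser that splits HijackThis entry lines like the R1/O4/O9 items listed above into section code, detail and CLSID, then reports which items from a helper's fix list still appear in a follow-up log. The function names are hypothetical, and the follow-up log is constructed from entries quoted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail clsid")

# An entry line is "<code> - <detail>"; codes look like R1, O4, O9, O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The four entries from the post above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - Global Startup: VersionTracker Pro.lnk = ?
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
"""

# Constructed follow-up log (not from the thread): one O9 entry survived the fix.
FRESH_LOG = r"""
Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O9 - Extra button: PartyPoker.com - {b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} - C:\Windows\System32\shdocvw.dll
"""


def parse_hjt(text):
    """Return an Entry per entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            clsid = CLSID_RE.search(m.group(2))
            entries.append(Entry(m.group(1), m.group(2), clsid.group(0) if clsid else None))
    return entries


def _norm(s):
    # Registry keys and Windows paths are case-insensitive; also collapse whitespace.
    return " ".join(s.lower().split())


def remaining(fix_list, fresh_log):
    """Entries from the fix list that are still present in the fresh log."""
    present = {(e.code, _norm(e.detail)) for e in parse_hjt(fresh_log)}
    return [e for e in parse_hjt(fix_list) if (e.code, _norm(e.detail)) in present]


if __name__ == "__main__":
    for e in remaining(FIX_LIST, FRESH_LOG):
        print("still present:", e.code, "-", e.detail)
```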

 
Hi Momok

Many thanks for your trouble. I have followed your instructions and here are the logs.

Regards

Stuart
 
Hi Again

Still no change, high CPU usage Excel 100% can't do anything. Mouse still will not work configured to RH, LJ only works but constantly have to Ctrl Alt Del to unfreeze.

I am at my wits end here!!

Regards

Stu
 
Threads merged. Please don't open any more threads for this. Thanks.

momok will analyze your logfiles and advise.

Regards Howard :)

 
Hi,

Your logs appear to be clean. However I noted that several of the items in your AVG log showed 'ignored' under Actions taken.

Please run AVG Antispyware again and set all the actions to 'Quarantine'. Perform the actions on all infected files and archives.

I also note that you have a high number of unnecessary processes running.

May I suggest that you read this thread here on how to speed up your system.

"Still no change, high CPU usage Excel 100% can't do anything. Mouse still will not work configured to RH, LJ only works but constantly have to Ctrl Alt Del to unfreeze."

Also, would you kindly elaborate what you mean by that?

Please attach a fresh AVG Antispyware, HijackThis and Combofix log after following the above instructions.


Regards,
Your friendly Momok =)

 
Hi Momok

Latest logs attached. What I mean about CPU usage is, for example, at the moment I cannot open say an Excel doc and work in it. I click on a cell say and the CPU usage immediately goes to 100% and the Excel spreadsheet is unworkable and freezes. Also I cannot use the mouse in right-hand mode, the select button will just not work at all, i.e. will not select anything. It is now in left-hand mode but will often freeze and will only unfreeze when I do a Ctrl Alt Del.

Regards

Stu
 
Hi,

I notice that you have lexmark toolbar installed. I would recommend you uninstall it unless you have a need for it.

Go to start > run. Type msconfig and press enter.
Go to the services tab and check hide all microsoft entries. Next, click 'Disable All', and then reenable entries belonging to your firewall and Antivirus.
Then go to the startup tab and click Disable all. Then do the following.

Please follow these instructions carefully.

1. Download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt (from my attachment) and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT and ComboFix log.


Regards,
Your friendly Momok =)

 
Hi Momok

I have followed your instructions up to the point where you click on the green light to begin execution of the script, I then get the error message "selected file does not appear to be a valid script".

regards

Stu
 
Hi,

Sorry about that. I've reattached a new file. Please try again.


Regards,
Your friendly Momok =)

 
Hi Momok

All done and attached. Seems (touchwood!!) to be running ok, Mouse working normal and can now use Excel!! Really appreciate all your effort on this.

Kind regards

Stu
 
Hi,

Your logs look clean now.

Delete all files in AVG Antispyware Quarantine folder.

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

If you find your system a little slow, please read this thread here on how to speed up your system.

Should you have any further problems, please post in this thread.


Regards,
Your friendly Momok =)

 
Hi,

No problem. Glad to be of help. ;)


Regards,
Your friendly Momok =)

 
Hi Momok

It's at it again!!! Had to convert the mouse to Left-Handed and the CPU usage gone through the roof again especially on Excel!! (It's fine when you open a spreadsheet but as soon as you click on a cell CPU usage goes to 100% and the spreadsheet & Excel cannot be used)

Really getting me down now!!! I have also restored to the first restore point from yesterday when it was fine, it makes no difference!!

Regards

Stu
 
Hi,

I've examined your logs, and found them to be clean.

However I see that Lexmark Toolbar is still installed on your system. There has been a debatable history of Lexmark having installed spyware on its customers' systems. Judging by the huge number of Lexmark related dlls running on your system, I would recommend that you uninstall the toolbar immediately.

I'm not sure if that would solve the problem, but let me know what happens after that. Also, please provide details on which exact processes appear to be using up most of your system resources when you check task manager.

Thanks.


Regards,
Your friendly Momok =)

 
Hi Momok

I thought I had deleted the Lexmark toolbar but the folder remained behind, now deleted.

When running Firefox and nothing else CPU usage is about 2-3 % although the system idle process shows 98. Excel will just not work at all well it opens but soon as press a cell CPU usage goes to 100% and remains that way, I have to shut it down through Task Manager. The mouse is now configured as a RH but only works LH ie: RH button is the primary button. LH will not operate at all except now and again. 10 mins ago neither button was working!!!

Regards

Stu
 
Hi,

Try the following.

Reboot into safe mode and unhide all files and folders.

Go to start > Run. Type services.msc and press enter.

Disable and stop the following services.
LXCYCATS

Run HijackThis and fix the following.
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16

Delete the following folders.
C:\Program Files\lx_cats
C:\Program Files\Lexmark Toolbar

Navigate in Windows explorer and rename the following:
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll

to LXCYtime.d11.bak (note the original extension change too.)

Reboot into normal mode and rehide your files.

I have doubts if this will actually help the excel problem. (I suspect it might not be malware related) Let me know how it goes though. Have your Windows Microsoft Office CD ready to reinstall Excel just in case.


Regards,
Your friendly Momok =)

 
Hi Momok

Followed your instructions but still no change, but now the printer does not work!!! Tried reinstalling but to no avail. Removed windows office to see if this helps excel.

Regards

Stu

Log att
 
Hi,

In that case, please go back to

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

and locate your LXCYtime.d11.bak file. Rename it back to LXCYtime.dll.

After that, go to start > run > services.msc.
Restart the LXCYCats service. Your printer should work as per normal.

I have no idea what may be causing the problem. Your HijackThis log shows the following running processes:
D:\Setup.EXE
D:\install\x86\instgui.exe

I'd like to check with you, did you put those files there? If not, please visit this link http://virusscan.jotti.org/

Click the Browse... button and navigate to the following file:
D:\Setup.EXE
Click Open
Also, do the same for:
D:\install\x86\instgui.exe

Please let me know the results.


Regards,
Your friendly Momok =)

 
Hi Momok

I had the printer disk in the D drive when I produced the log.

Reinstalled Excel and working fine at the Mo. Mouse also working fine, I will see how long it lasts!!!

Regards

Stu
 
I see. Hope things go well for you now. Do let me know if the problem arises again. For all you know it could be non malware related.


Regards,
Your friendly Momok =)

 