  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2370

explorer.exe 100% cpu usage on win xp

I have 100% CPU usage on Win XP. I have shut off all processes in Process Explorer one by one, but no help.

I have the same problem with all users, including users with non-admin status.
0
PeerlessBev
Asked:
1 Solution
 
orangutang Commented:
Send us your HijackThis (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download) log. Also, in Process Explorer, double-click "explorer.exe", click the "Threads" tab, and tell us the "Start Address" of the thread using the most CPU.
0
 
PeerlessBev (Author) Commented:
cerinsec.dll is the most used

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:17 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\S Beim\Desktop\ProcessExplorer\procexp.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\S Beim\My Documents\Unzipped\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beernet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON PictureMate Deluxe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB003" /M "PictureMate Deluxe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series on wireless print server] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P51 "EPSON Stylus CX7800 Series on wireless print server" /O15 "IP_192.168.0.10" /M "Stylus CX7800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON PictureMate Deluxe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /M "PictureMate Deluxe" /EF "HKCU"
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {8A4E0949-15FA-4063-B60F-5D7EBB3CA704} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {CE7AF5E3-88D8-4A87-9621-B83B500BD222} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {E49DFCDA-0BE3-4EC6-BC2A-D80A5C49DBE1} - http://www.comcastsupport.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://symantec.atgnow.com/sdccommon/download/ssrc.cab
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - http://symantec.atgnow.com/sdccommon/download/sprtctlln.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127917802359
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164665712453
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: bw+0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0927935F-FA9D-40C7-A4E1-6D004917215F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: Srvolcod - {50FFB562-AE8C-4F07-AD9A-69D1DA3BF48E} - C:\WINDOWS\system32\cerirsec.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Epomptsadws - Creative Technology Ltd. - (no file)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SBEIM~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\SBEIM~1\LOCALS~1\Temp\hpdj3600.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\SBEIM~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 23891 bytes

thanks
0
 
orangutang Commented:
Scan your computer with SUPERAntiSpyware (http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE). Also, open Process Explorer, press Ctrl+F, and search for cerinsec.dll. What are the properties of the file?
0
 
PeerlessBev (Author) Commented:
There are no properties. It is blank after the DLL name.

I will get the spyware shortly.
0
 
orangutang Commented:
Actually, you should be able to view "explorer.exe"'s DLLs and double-click "cerinsec.dll"
0
 
orangutang Commented:
Oh, never mind.
0
 
orangutang Commented:
What folder is it in?
0
 
PeerlessBev (Author) Commented:
There is no info on the file except its path: no description, company, etc.

C:\WINDOWS\system32\cerirsec.dll
0
 
orangutang Commented:
Are there any other threads that are using a lot of CPU?
It appears to be this item in your HijackThis log:
O21 - SSODL: Srvolcod - {50FFB562-AE8C-4F07-AD9A-69D1DA3BF48E} - C:\WINDOWS\system32\cerirsec.dll
Try scanning it with:
http://www.kaspersky.com/scanforvirus
http://onlinescan.avast.com/
http://www.virustotal.com/
Or back up the registry value and remove it.
0
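Added example, not part of the thread: a small triage script that ties the hot thread's module (as reported from the Process Explorer "Threads" tab) back to the HijackThis entry that loads it, and lists the registry keys to export before removal. O21 is the ShellServiceObjectDelayLoad list, whose DLLs are loaded by explorer.exe at logon. Function names are hypothetical, the registry paths are the standard Windows locations rather than values from the thread, and the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: seven lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O21 - SSODL: Srvolcod - {50FFB562-AE8C-4F07-AD9A-69D1DA3BF48E} - C:\WINDOWS\system32\cerirsec.dll
O23 - Service: Epomptsadws - Creative Technology Ltd. - (no file)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SBEIM~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LINE_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
MODULE_RE = re.compile(r'(?:^|\\)([^\\]+?\.(?:dll|exe))(?=$|[\s"])', re.IGNORECASE)

# Standard Windows registry locations (assumption: not taken from the thread).
SSODL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
CLSID_ROOT = r"HKLM\SOFTWARE\Classes\CLSID"


class Entry(NamedTuple):
    code: str      # HijackThis section, e.g. "O21"
    body: str      # everything after "Oxx - "
    clsid: str     # COM class id in braces, "" if the line has none
    target: str    # command line or file the entry points at, "" if none
    missing: bool  # HijackThis printed "(no file)" or "(file missing)"


def parse_log(text: str) -> List[Entry]:
    """Parse the R/O entry lines of a HijackThis log; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, "Running processes" list, blank lines
        code, body = m.group("code"), m.group("body")
        last = body.split(" - ")[-1]
        if code == "O4" and "] " in last:  # O4 form: HKLM\..\Run: [name] command
            last = last.split("] ", 1)[1]
        clsid = CLSID_RE.search(body)
        target = MISSING_RE.sub("", last).strip().strip('"')
        entries.append(Entry(code, body, clsid.group(0) if clsid else "",
                             target, bool(MISSING_RE.search(last))))
    return entries


def module_name(target: str) -> str:
    """Lower-cased file name of the first .dll/.exe in a target, or ""."""
    m = MODULE_RE.search(target)
    return m.group(1).lower() if m else ""


def entries_loading(entries: List[Entry], module: str) -> List[Entry]:
    """Entries that load the module seen as the hot thread's start address."""
    return [e for e in entries if module_name(e.target) == module.lower()]


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Entries worth a manual look, each with the reasons it was picked."""
    findings = []
    for e in entries:
        reasons = []
        if e.code == "O21":
            reasons.append("DLL is loaded inside explorer.exe at logon")
        if e.missing:
            reasons.append("registered file is absent from disk")
        if "\\temp\\" in e.target.lower():
            reasons.append("points into a Temp directory")
        if e.code == "O23" and " - Unknown owner - " in e.body:
            reasons.append("no company name was read (weak signal on its own)")
        if reasons:
            findings.append((e, reasons))
    return findings


def backup_keys(e: Entry) -> List[str]:
    """Registry keys to export (for example with `reg export`) before removal."""
    if e.code == "O21" and e.clsid:
        return [SSODL_KEY, CLSID_ROOT + "\\" + e.clsid]
    if e.code == "O4" and e.body.startswith(("HKLM\\..\\Run:", "HKCU\\..\\Run:")):
        return [e.body[:4] + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"]
    return []


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in entries_loading(parsed, "cerirsec.dll"):
        print("loads hot module:", entry.code, entry.body, backup_keys(entry))
    for entry, reasons in triage(parsed):
        print(entry.code, entry.target or "(none)", "->", "; ".join(reasons))
```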
 
PeerlessBev (Author) Commented:
I am performing a scan now
0
 
PeerlessBev (Author) Commented:
OK, I'm still scanning with the spyware software.
0
 
PeerlessBev (Author) Commented:
The super antispyware just completed... it quarantines i48 cookies... no mention of the cerirsec.dll... I can try the Kaspersky now if you think it would be helpful... there don't seem to be any other threads with significant usage.
0
 
orangutang Commented:
I would just back it up and remove it. It seems highly suspicious; there is absolutely no information on "Srvolcod", "{50FFB562-AE8C-4F07-AD9A-69D1DA3BF48E}", or "cerirsec.dll" on Google, which probably means that it's all randomly generated to prevent anyone from finding out what it is.
0
 
PeerlessBev (Author) Commented:
I should just delete it from the registry then, you think?
0
 
orangutang Commented:
Also, back up and remove:
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
0
 
orangutang Commented:
Delete them, but make sure to back up those registry keys first, just in case.
0
 
orangutang Commented:
Deleting:
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
is up to you. Read:
http://www.winpatrol.com/db/freesample/tgcmd.html
for more information. I don't know if:
O21 - SSODL: Srvolcod - {50FFB562-AE8C-4F07-AD9A-69D1DA3BF48E} - C:\WINDOWS\system32\cerirsec.dll
is related but since it seems to be causing problems, I would just delete it.
0
 
PeerlessBev (Author) Commented:
OK, thanks. First I need to restore some of the functions I killed using Process Explorer. I'm getting tired and probably should continue in the morning.

I will post my progress then.

Thanks a lot.
Good night.
0
 
ded9 Commented:
Hi,

First do a clean boot:
http://support.microsoft.com/kb/310353

And check whether the computer is running slow or not. If the computer works fine, it's the third-party software creating the problem.

Also check safe mode.

Disconnect external devices like flash drives, printers and digital cameras, and then check.

Also try creating a new user account and check in the new account.



Ded9
0
 
PeerlessBev (Author) Commented:
I did a clean boot... no change.
I booted in safe mode... CPU USAGE IS NORMAL.

I disconnected all printers etc., booted up normally, and CPU usage spiked again.

I created a new user with limited rights and the problem remained.

Antivirus and spyware software came up clean or removed some cookies that Norton 360 left, but usage remains high in normal startup.
0
 
orangutang Commented:
And you backed up and removed those items in HijackThis?
0
 
PeerlessBev (Author) Commented:
No, I am going to do that next. To back up is it best to export the registry to my desktop?
0
 
orangutang Commented:
That would probably be the easiest way to back it up. Or you can create a system restore point. Or you can use ERUNT (http://www.larshederer.homepage.t-online.de/erunt/) to create a complete backup of your registry.
0
 
PeerlessBev (Author) Commented:
I removed the file

O21 - SSODL: Srvolcod - {50FFB562-AE8C-4F07-AD9A-69D1DA3BF48E} - C:\WINDOWS\system32\cerirsec.dll

Now the high activity is coming from
CcSvcHst.exe system
0
 
PeerlessBev (Author) Commented:
That is one of the Symantec files, Norton 360 I believe.
0
 
orangutang Commented:
The only thing I can think of for that would be to uninstall any Norton products with the Norton Removal Tool (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039) and then reinstall it.
0
 
orangutang Commented:
Unfortunately, you may have to completely uninstall it and install something else until Norton fixes the problem. I did some research and it appears that many people are having problems especially with 360.
0
 
PeerlessBev (Author) Commented:
That's what I was just thinking. Maybe I should rely on Windows Firewall and either the older Norton or Kaspersky.
0
 
orangutang Commented:
I've heard that Kaspersky is very good and I haven't heard too many problems with it. You can also try free security software such as AVG Anti-Virus Free, Avast, ZoneAlarm Free, Threatfire, and many others. If you are planning on uninstalling 360, there was a recent topic with free antivirus software suggestions in it here:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23102276.html
0
 
PeerlessBev (Author) Commented:
Thank You
0
 
ded9 Commented:
Hi,

I don't know how the clean boot was performed. Also, in safe mode it worked fine; that means the clean boot was not performed properly.

If the clean boot was performed properly, we could have come to the conclusion it's a third-party software.

But still, I am okay with the points.

Ded9
0
 
PeerlessBev (Author) Commented:
I used the Microsoft guided process for the clean boot from the link

http://support.microsoft.com/kb/310353
0
 
ded9 Commented:
Hi,

What happened after the clean boot? Was the issue resolved?


Ded9
0
 
PeerlessBev (Author) Commented:
The clean boot did not have the effect desired, but safe mode did. I used the Microsoft guided clean boot to make sure I did it right.
I believe removing Norton has mitigated the problem to some degree. The system is still using a lot of resources, but that at least opened it enough to be reasonable. I'm thinking of upgrading my processor. It is about 2 gig now.
0
 
NickGilbert Commented:
I really would NOT recommend using any free anti-virus products. Especially AVG Free Edition. It's extremely ineffective, resource hungry and is the worst rated product out of 9 different products in a review I'm reading... (The highest being ESET NOD32 which we also use here company wide at work).  Spend some money on your AV solution because you get what you pay for with these free programs.

Nick...
0
