[Solved] HijackThis log... CCAPP.exe at 100%CPU

Basic problem of 'clogged PC'. Runs okay until I use Outlook mail. I have NAV autoprotect enabled, and checks email. I think problem appears after I send email and NAV screen is done.

PC then at 100% CPU. When I shut down, I am prompted to end-process for CCAPP.EXE. System good after reboot... not sure if other Apps also trigger the problem. I avoid Internet Explorer, but do use sometimes.

---- Win XP Home. Netscape 7.1, Outlook 2003. Nav 2003, Adaware.

Thanks.
Larry... in search of PC-smooth-Sailing

Logfile of HijackThis v1.98.2
Scan saved at 1:25:14 PM, on 9/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TDispVol.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Network Device Switch 3\NDSTray.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
C:\Documents and Settings\Lar.FPHIL\My Documents\Dnld_Prgrams\HiJackThis_1_98\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 03
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\Network Device Switch 3\NDSTray.exe"
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: OpenOffice.org 1.0.2.lnk = C:\Program Files\OpenOffice.org1.0.2\program\quickstart.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Help - {40064449-FF47-4B28-8406-8D56780D7CEF} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {48697E64-BDD5-4B6E-B6C4-5B24B2C08D88} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {EE7901FD-B15B-4995-BC49-8836075E2BD6} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0837be82b2f1c014a522/netzip/RdxIE601.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XXXXX2
O17 - HKLM\Software\..\Telephony: DomainName = XXXXX2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = XXXXX2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = XXXXX2

----- note: XXXXX2 is name of local network -------

 

There is nothing unusual in the Scanlog. CCAPP is a NAV file. Does this happen on every shutdown? And is the cpu usage constant?

http://service1.symantec.com/SUPPOR...88256e4d0061108b?OpenDocument&src=bar_sch_nam

http://service1.symantec.com/SUPPOR...88256dc00071671d?OpenDocument&src=bar_sch_nam

Also, while you don't have "cmanager" I'm wondering about Cmluc.exe which may perform a similar function.

 

Thx RR.

No, does not happen at every shutdown. The 'shutdown' is not the problem per se. If I simply sent email (outlook) and Norton scanned it, CPU max's... as indicated by Norton System Doctor dashboard.

Thanks for the Symantec specific links.

I tested the Outlook email with Norton protection turned OFF for Outgoing email. No problem... CPU usage goes up a couple percent and returns to normal. So now I need to track down the problem further.

BTW, I do have a HW firewall (in Linksys Router). Had no problem (of this nature) with it previously and have not changed its settings lately. I left it in-line and ON for the above Test of email Sent_w/o_NAV-scan.

more... I do update via Symantec live update regularly. And I have not updated with latest MS service pack of Aug/Sep.

I guess I'm glad to here HijackThis scan is not indicating problems.

SOLVING: (attempts)
* have Comcast, not DSL. Up to a week ago, did not have CCAPP problem.
* did run Adaware (last week) and removed/quarantined 8 items (mostly tracking cookies). When the CPU 100% prob came up, I reinstated the 8 items from with Adaware (view Log and restore or whatever they call it). No fix for the CCAPP problem.
* I suspect I may have left NAV autoprotect enabled when running Adaware. (ususally think to disable it... not sure I did/did-not)

** I will try some things... disabling in MSCONFIG. See what happens after reboot and testing.

thx,
L

 

1) I've tried disabling these programs from Startup, but did not solve. (most done 1 at a time)
* CFD.exe
* (blank) a no-name file
* cmluc.exe
* jusched.exe
**000StTHK.exe, nwiz.exe, PRISMSTA.exe, tgkill.exe

2) I've tested by disabling radio (bypass WiFi Linksys) and use ETH router (Netgear).. not solved. Tried bypassing ETH router (but no email send... would have to reconfig). Lastly, powered off Cable modem and Router.... reboot. No solution.


Any ideas what next?

/

 

Pretty simple.

I ran Adaware again, but changed settings to Scan Registry (and possibly a couple other minor changes for scan settings)... Key(?) could be that I unchecked "run at StartUp" (even though I had had the custom setting as 'no automatic scanning'.).

Did quarrantine and deleted 6 objects, only 1 of which was a suspect IE Browser Hijack (and I think this may be due to a Comcast 'legitimate' branding ploy in IE... or a way to track PC's behind a router/FW?). Others were Trk'g cookies.

Now when sending test emails, the Norton AV momentary popup appears (as it used to), and the CPU usage % stays relatively low... returns to near zero.

If this isn't the fix, I'll return and post update.​

If it is the fix.... I'll be happy to run Norton AV in auto mode, and relegate Adaware to a manual run periodically.​

Thanks again for the HJ Log review and your suggestions....

Well I am off "to the tent" ( aka, 'happy camper' )

Larry

 

With all of the buzz about trojans and worms and hijackthis... I think it worthwhile to point out what I think was the Root Problem in my case.

Symptom: PC bogs down... 100% CPU usage. CCAPP.exe shows up as the 'consuming process'.

Problem: I was running Norton AntiVirus with autoprotect on and email checking on. (CPU usage went to 99-100% after sending email.) I also had recently run Adaware and probably changed some of the Scan Settings.

Solution: Keep NAV on.
Disable Adaware from running at Startup. (General Settings)
Also, uncheck 'Automatic Run' settings to disable that feature. (Automation)
Run Adaware manually / independently / as-needed. Reboot after running.

Added benefits.... my PC runs faster generally. Less time lag for Print dialogues, display refresh, etc.

Cheers,
Larry

 

Great. Thanks for the detailed resolution -- glad to see you "solved" it.