
[Solved] HijackThis log... CCAPP.exe at 100%CPU

Discussion in 'Virus & Other Malware Removal' started by PC_Sailing, Sep 13, 2004.

Thread Status:
Not open for further replies.
  1. PC_Sailing

    PC_Sailing Thread Starter

    Joined:
    Sep 13, 2004
    Messages:
    5
    Basic problem of 'clogged PC'. Runs okay until I use Outlook mail. I have NAV autoprotect enabled, and checks email. I think problem appears after I send email and NAV screen is done. :eek:

    PC then at 100% CPU. When I shut down, I am prompted to end-process for CCAPP.EXE. System good after reboot... not sure if other Apps also trigger the problem. I avoid Internet Explorer, but do use sometimes.

    ---- Win XP Home. Netscape 7.1, Outlook 2003. Nav 2003, Adaware.

    Thanks.
    Larry... in search of PC-smooth-Sailing ;)

    Logfile of HijackThis v1.98.2
    Scan saved at 1:25:14 PM, on 9/13/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\WINDOWS\System32\msdtc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\System32\TDispVol.exe
    C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Network Device Switch 3\NDSTray.exe
    C:\WINDOWS\System32\PRISMSTA.EXE
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
    C:\Documents and Settings\Lar.FPHIL\My Documents\Dnld_Prgrams\HiJackThis_1_98\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 03
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\Network Device Switch 3\NDSTray.exe"
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - Startup: OpenOffice.org 1.0.2.lnk = C:\Program Files\OpenOffice.org1.0.2\program\quickstart.exe
    O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Help - {40064449-FF47-4B28-8406-8D56780D7CEF} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O9 - Extra button: Support - {48697E64-BDD5-4B6E-B6C4-5B24B2C08D88} - http://www.comcastsupport.com (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {EE7901FD-B15B-4995-BC49-8836075E2BD6} - http://www.comcast.net (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0837be82b2f1c014a522/netzip/RdxIE601.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XXXXX2
    O17 - HKLM\Software\..\Telephony: DomainName = XXXXX2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = XXXXX2
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = XXXXX2

    ----- note: XXXXX2 is name of local network -------
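
Added example, not part of the original posts: a small Python parser for the HijackThis log layout shown above. It cross-references the O4 autostart entries with the "Running processes" list, which gives the list of startup items worth disabling one at a time in MSCONFIG. The function names `parse` and `running_autostarts` are hypothetical, and the sample log is constructed from a few entries in the post.

```python
import re
from collections import Counter
# Constructed sample in HijackThis 1.98 layout; entries mirror a few from the post.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\rundll32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 03
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                  # "O4 - rest of entry"
O4_RUN = re.compile(r"^(\S+): \[(.*?)\]\s*(.*)$")           # hive: [name] command
O4_LNK = re.compile(r"^((?:Global )?Startup): (.*?\.lnk) = (.*)$")
EXE = re.compile(r'^"([^"]+)"|^(.*?\.exe)\b', re.IGNORECASE)  # quoted or bare image

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def parse(log):
    """Return (running image names, per-section counts, O4 autostart tuples)."""
    running, counts, autostarts, in_procs = set(), Counter(), [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False            # a blank line ends the process list
        elif in_procs:
            running.add(basename(line))
        elif m := ENTRY.match(line):
            code, rest = m.groups()
            counts[code] += 1
            o4 = code == "O4" and (O4_RUN.match(rest) or O4_LNK.match(rest))
            if o4:
                _, name, command = o4.groups()
                exe = EXE.match(command)
                image = basename(exe.group(1) or exe.group(2)) if exe else ""
                autostarts.append((name, image, image in running))
    return running, counts, autostarts

def running_autostarts(log):
    return [name for name, _, is_running in parse(log)[2] if is_running]
```

Matching is by image name only, so a `rundll32.exe` entry is reported as running whenever any rundll32 host is active; confirm which DLL it loaded before drawing conclusions.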
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  3. PC_Sailing

    PC_Sailing Thread Starter

    Joined:
    Sep 13, 2004
    Messages:
    5
    Thx RR.

    No, does not happen at every shutdown. The 'shutdown' is not the problem per se. If I simply sent email (outlook) and Norton scanned it, CPU max's... as indicated by Norton System Doctor dashboard.

    Thanks for the Symantec specific links.

    I tested the Outlook email with Norton protection turned OFF for Outgoing email. No problem... CPU usage goes up a couple percent and returns to normal. So now I need to track down the problem further.

    BTW, I do have a HW firewall (in Linksys Router). Had no problem (of this nature) with it previously and have not changed its settings lately. I left it in-line and ON for the above Test of email Sent_w/o_NAV-scan.

    more... I do update via Symantec live update regularly. And I have not updated with latest MS service pack of Aug/Sep.

    I guess I'm glad to hear HijackThis scan is not indicating problems.

    SOLVING: (attempts)
    * have Comcast, not DSL. Up to a week ago, did not have CCAPP problem.
    * did run Adaware (last week) and removed/quarantined 8 items (mostly tracking cookies). When the CPU 100% prob came up, I reinstated the 8 items from within Adaware (view Log and restore or whatever they call it). No fix for the CCAPP problem.
    * I suspect I may have left NAV autoprotect enabled when running Adaware. (usually think to disable it... not sure I did/did-not)

    ** I will try some things... disabling in MSCONFIG. See what happens after reboot and testing.

    thx,
    L
     
  4. PC_Sailing

    PC_Sailing Thread Starter

    Joined:
    Sep 13, 2004
    Messages:
    5
    1) I've tried disabling these programs from Startup, but did not solve. (most done 1 at a time)
    * CFD.exe
    * (blank) a no-name file
    * cmluc.exe
    * jusched.exe
    **000StTHK.exe, nwiz.exe, PRISMSTA.exe, tgkill.exe

    2) I've tested by disabling radio (bypass WiFi Linksys) and use ETH router (Netgear).. not solved. Tried bypassing ETH router (but no email send... would have to reconfig). Lastly, powered off Cable modem and Router.... reboot. No solution.


    Any ideas what next?

    :confused: / :cool:
     
  5. PC_Sailing

    PC_Sailing Thread Starter

    Joined:
    Sep 13, 2004
    Messages:
    5
    Pretty simple.

    I ran Adaware again, but changed settings to Scan Registry (and possibly a couple other minor changes for scan settings)... Key(?) could be that I unchecked "run at StartUp" (even though I had had the custom setting as 'no automatic scanning'.).

    Did quarantine and deleted 6 objects, only 1 of which was a suspect IE Browser Hijack (and I think this may be due to a Comcast 'legitimate' branding ploy in IE... or a way to track PC's behind a router/FW?). Others were Trk'g cookies.

    Now when sending test emails, the Norton AV momentary popup appears (as it used to), and the CPU usage % stays relatively low... returns to near zero.


    If this isn't the fix, I'll return and post update.

    If it is the fix.... I'll be happy to run Norton AV in auto mode, and relegate Adaware to a manual run periodically.


    Thanks again for the HJ Log review and your suggestions....

    Well I am off "to the tent" ( aka, 'happy camper' )

    Larry :)
     
  6. PC_Sailing

    PC_Sailing Thread Starter

    Joined:
    Sep 13, 2004
    Messages:
    5
    With all of the buzz about trojans and worms and hijackthis... I think it worthwhile to point out what I think was the Root Problem in my case.

    Symptom: PC bogs down... 100% CPU usage. CCAPP.exe shows up as the 'consuming process'.

    Problem: I was running Norton AntiVirus with autoprotect on and email checking on. (CPU usage went to 99-100% after sending email.) I also had recently run Adaware and probably changed some of the Scan Settings.

    Solution: Keep NAV on.
    Disable Adaware from running at Startup. (General Settings)
    Also, uncheck 'Automatic Run' settings to disable that feature. (Automation)
    Run Adaware manually / independently / as-needed. Reboot after running.

    Added benefits.... my PC runs faster generally. Less time lag for Print dialogues, display refresh, etc.

    Cheers,
    Larry
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Great. Thanks for the detailed resolution -- glad to see you "solved" it. :)
     

Short URL to this thread: https://techguy.org/273595
