| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 60677 | 2005-08-09 19:01:00 | challenging problem be aware | akberali (8664) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 379740 | 2005-08-09 19:01:00 | few days back i posted a message that my CPU usage is 100 % . In the task manager the svchost.exe touches millions. I tried every possible way, reinstalled W2K with SP4, IE 6 Sp1 again and again. Every anti virus with latest update was also installed and the machine was scanned, but nothing was found, BUT THE TASK MANAGER WILL AGAIN SHOW 100 % cpu USAGE WHICH WILL OFFCOURSE FREEZE THE MACHINE AND I HAD TO RESTART. I then tried HijackThis, which improved the situation a little bit. The latest log is as following: Logfile of HijackThis v1.99.1 Scan saved at 10:04:12 PM, on 8/9/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\SYSTEM32\sss.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINNT\system32\taskmgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\unzipped\hijackthis\HijackThis.exe O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - www.kaspersky.com O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - www.symantec.com O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www.symantec.com O17 - HKLM\System\CCS\Services\Tcpip\..\{1B7B8191-A49A-489A-97E6-CD502C023676}: NameServer = 203.135.1.117 203.135.0.5 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Net Functions Monitoring (Netmon) - Unknown owner - C:\WINNT\SYSTEM32\sss.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe NOW I AM OBSERVING THAT THERE IS ANOTHER PROCESS SSS.EXE IN THE TASK MANAGER, WHAT IS THIS? I SERACHED THE WEB BUT COULD NOT FIND ANY SOLUTION. Believe me that I have suffered a lot, so give me your expert opinion regards akber ali :blush: |
akberali (8664) | ||
| 379741 | 2005-08-09 19:28:00 | NOW I AM OBSERVING THAT THERE IS ANOTHER PROCESS SSS.EXE IN THE TASK MANAGER, WHAT IS THIS? I SERACHED THE WEB BUT COULD NOT FIND ANY SOLUTION.You have also posted this issue separately here (pressf1.pcworld.co.nz). It helps when trouble shooting to keep all related information in the one thread, otherwise you will get duplication of advice and people assisting do not know what has already been suggested and failed (or worked). :) | Jen (38) | ||
| 379742 | 2005-08-09 22:34:00 | C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe I've had to kill this twice now and I'm considering stopping resident protection. Norton antivirus is an expencive joke. I know I've run norton on a machine and then run a real antivirus and caught 4 of the bu66ers. Try this free one www.google.co.nz It catches trojans like the the tripple letter ones eg aaa.exe ddd.exe etc Oh and ofcourse viruses too :thumbs: and it's free. Also resident protection from norton could be chewing your CPU time running background scans. |
apparition (3207) | ||
| 379743 | 2005-08-10 04:05:00 | O17 - HKLM\System\CCS\Services\Tcpip\ . . \{1B7B8191-A49A-489A-97E6-CD502C023676}: NameServer = 203 . 135 . 1 . 117 203 . 135 . 0 . 5 If this Domain does not belong to your ISP, or your firms network, this entry should be fixed . 'SearchList' entries should be fixed too . Currently there is no visitor's assessment: Do you know the IP or Domain '203 . 135 . 1 . 117 203 . 135 . 0 . 5'? If not, fix this entry . |
SurferJoe46 (51) | ||
| 1 | |||||