Results 1 to 4 of 4
  1. #1
    Junior Member
    Join Date
    Aug 2005
    Posts
    4

    Default challenging problem be aware

    few days back i posted a message that my CPU usage is 100 % . In the task manager the svchost.exe touches millions. I tried every possible way, reinstalled W2K with SP4, IE 6 Sp1 again and again. Every anti virus with latest update was also installed and the machine was scanned, but nothing was found, BUT THE TASK MANAGER WILL AGAIN SHOW 100 % cpu USAGE WHICH WILL OFFCOURSE FREEZE THE MACHINE AND I HAD TO RESTART.

    I then tried HijackThis, which improved the situation a little bit. The latest log is as following:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:04:12 PM, on 8/9/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\SYSTEM32\sss.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINNT\system32\taskmgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\unzipped\hijackthis\HijackThis.exe

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1B7B8191-A49A-489A-97E6-CD502C023676}: NameServer = 203.135.1.117 203.135.0.5
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Net Functions Monitoring (Netmon) - Unknown owner - C:\WINNT\SYSTEM32\sss.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    NOW I AM OBSERVING THAT THERE IS ANOTHER PROCESS SSS.EXE IN THE TASK MANAGER, WHAT IS THIS? I SERACHED THE WEB BUT COULD NOT FIND ANY SOLUTION.

    Believe me that I have suffered a lot, so give me your expert opinion


    regards

    akber ali

  2. #2
    Moderator Jen's Avatar
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    8,184

    Default Re: challenging problem be aware

    Quote Originally Posted by akberali
    NOW I AM OBSERVING THAT THERE IS ANOTHER PROCESS SSS.EXE IN THE TASK MANAGER, WHAT IS THIS? I SERACHED THE WEB BUT COULD NOT FIND ANY SOLUTION.
    You have also posted this issue separately here. It helps when trouble shooting to keep all related information in the one thread, otherwise you will get duplication of advice and people assisting do not know what has already been suggested and failed (or worked).

  3. #3

    Default Re: challenging problem be aware

    Quote Originally Posted by akberali
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    I've had to kill this twice now and I'm considering stopping resident protection.

    Norton antivirus is an expencive joke. I know I've run norton on a machine and then run a real antivirus and caught 4 of the bu66ers.

    Try this free one
    http://www.google.co.nz/url?sa=t&ct=...EYmAswH3ga2HDg
    It catches trojans like the the tripple letter ones eg aaa.exe ddd.exe etc
    Oh and ofcourse viruses too and it's free.

    Also resident protection from norton could be chewing your CPU time running background scans.
    I was here before in times of yore but then my account broke :-/

  4. #4
    Smiling Down On Youse SurferJoe46's Avatar
    Join Date
    May 2005
    Location
    Hamilton, Montana, USA
    Posts
    13,961

    Default Re: challenging problem be aware

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1B7B8191-A49A-489A-97E6-CD502C023676}: NameServer = 203.135.1.117 203.135.0.5

    If this Domain does not belong to your ISP, or your firms network, this entry should be fixed.

    'SearchList' entries should be fixed too.

    Currently there is no visitor's assessment:

    Do you know the IP or Domain '203.135.1.117 203.135.0.5'?

    If not, fix this entry.


    "Vegetarian" means you're a lousy shot.


Similar Threads

  1. Ad-Aware 2007 problem
    By colmack in forum PressF1
    Replies: 1
    Last Post: 24-03-2008, 10:08 AM
  2. Challenging problem
    By akberali in forum PressF1
    Replies: 2
    Last Post: 05-08-2005, 08:29 AM
  3. Problem with Lavasoft Ad-aware
    By Peter M in forum PressF1
    Replies: 4
    Last Post: 15-04-2005, 10:02 AM
  4. Challenging problem - for me anyway!
    By bba12 in forum PressF1
    Replies: 7
    Last Post: 25-11-2004, 12:19 PM
  5. Is Ad-aware causing this problem?
    By Hopeless in forum PressF1
    Replies: 6
    Last Post: 08-08-2004, 03:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •