  100% CPU usage by ccapp.exe ...suspect spyware that can't be found? 
 
Elliot Barnathan, Jun 29, 2004, 10:10pm EDT
I have run recent Norton Antivirus and Spybot and can't find the problem. On certain desktops, CPU usage is normal, but on others, it is 100%, used by ccapp.exe. I have run HijackThis but I don't want to delete until I'm sure it is spyware. Can anyone help? Thanks in advance.

Elliot

Logfile of HijackThis v1.98.0
Scan saved at 9:57:04 PM, on 6/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ClipGenie\WebInstall.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Elliot\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Evan\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Help - {497F12BD-F263-41C3-9928-1834DCFAE432} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {AB9A42E3-4F90-40A3-98B9-7F3216AFD51A} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {D5A35914-CE20-4274-AFE1-35F6468B28AC} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03827e2b2a8ca20a7a03/netzip/RdxIE601.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/account/downloads/executab...ie/IDA.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4011/ftp.coupons.com/v3121/cpbrkpie.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai.net/7/19/7125/4007/ftp.coupons.com/r3120/cpbrxpie.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content-g.kontiki.com/kdx/v2.10/kontiki/kontiki/current/kdx.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstaller.cab



Joshie Versace, Jun 29, 2004, 11:37pm EDT
ccapp.exe is associated with Norton AntiVirus 2003, which runs auto-protect and email checking. I uninstalled Norton and switched to AVG. Norton always slowed my computer down. You give it a try.
Josh

Michael C, Jun 29, 2004, 11:54pm EDT
How is AVG working for you? I'm using McAfee right now and I don't mind it, but I'm tempted to try AVG.

Michael Paladin, Jun 30, 2004, 08:25am EDT
Been looking at a few other forums with regard to ccapp.exe and the general consensus appears to be that you may have a copycat Sasser virus. Apparently they can screw Norton Anti Virus. Recommendation is to run Panda (http://www.pandasoftware.com/activescan/com/activescan_principal.htm)
For what it's worth, I am running NAV2001 and ccapp.exe does not appear in my Processes list in Task Manager.

Do unto others exactly what you expect them to do to you.
angryhippy, Jun 30, 2004, 08:57am EDT (edited Jun 30, 2004, 08:58am EDT)
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
Booked Space Parasite. Get rid of it. http://doxdesk.com/parasite/BookedSpace.html

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
CoolWeb Search Very bad. Download CWShredder. Half the stuff on that Hijack this log is cool web related. CWShredder is the only thing that gets rid of it. http://www.spywareinfo.com/~merijn/downloads.html

O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R
ClipGenie Adware. Bad, get rid of it. WebInstall is a dialer. Had any big phone bills?

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
tracking program

Most of these are gotten rid of with Spybot S&D, except for CoolWeb. Some variants they don't clean. Use the shredder.

ccapp.exe Norton maybe? OBSORB TROJAN maybe?
http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html

Edit: are you using the new version 1.3 of Spybot S&D?

Get Hippied out!
http://www.angryhippy.net
Me at work: http://tinyurl.com/3nvncb3
My rig! A Blah blah.With a blah blah! SWEET! http://tinyurl.com/4yujmff
Da Beast! http://tinyurl.com/3sapr2b
i5 3570K 4.6GHz http://snipurl.com/26r3cot
Win7-8 Pro 64bit
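
The reply above reads the log's O4 (autostart) lines one by one. As an added example, not part of any poster's reply, this Python sketch parses those lines and lists the ones worth a manual look. The three heuristics in `triage` are assumptions made for illustration and are not HijackThis verdicts.

```python
import re
from collections import namedtuple

# Excerpt of the O4 (autostart) lines from the log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Evan\LOCALS~1\Temp\bundle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
"""

Entry = namedtuple("Entry", "location name command")

# Registry Run keys: O4 - HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Startup folders: O4 - (Global )Startup: shortcut.lnk = target
LNK_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

def parse_o4(log_text):
    """Extract autostart entries from HijackThis log text."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if m:
            entries.append(Entry(m["loc"], m["name"], m["cmd"].strip('"')))
    return entries

def triage(entry):
    """Reasons to inspect an entry by hand (heuristics assumed for this example)."""
    cmd = entry.command.lower()
    reasons = []
    if "\\temp\\" in cmd:
        reasons.append("runs from a Temp directory")
    if cmd.startswith("rundll32"):
        reasons.append("DLL launched through rundll32")
    if cmd == "?":
        reasons.append("shortcut target not shown in the log")
    return reasons

def flagged(log_text):
    """Map entry name -> reasons, for entries with at least one reason."""
    results = {e.name: triage(e) for e in parse_o4(log_text)}
    return {name: why for name, why in results.items() if why}

if __name__ == "__main__":
    for name, why in flagged(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

A flag here only prioritises an entry for checking the file on disk; an unflagged entry has not been shown to be clean.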
Joshie Versace, Jul 01, 2004, 12:32am EDT (edited Jul 01, 2004, 12:36am EDT)
I have used McAfee and it seemed more of an annoyance than useful. I actually never found a virus with McAfee. AVG is free so you have nothing to lose. AVG has alerted me many times when it found one, even when I wasn't scanning. I am very satisfied with it. Try it, you can always get rid of it if you don't like it. http://www.grisoft.com. Also ccapp.exe is part of Norton. Do a search on Google and you get all the info needed about the file.
Josh

