tcptapi process slowing down machine

Posted on 2004-10-29
Last Modified: 2010-05-18
I have a windows 2000 professional machine that is very slow running any apps.  I went to Task Manager and looked at the processes.  I noticed one called tcptapi that was using up to 98% of the processor at times and 40% at the lowest.  I kill that process, but within a couple seconds it starts up again.  I searched the registry for tcptapi and found it in HKLM/Software/Microsoft/Windows/CurentVersion/Run.  It was call *tcptapi with a value of C:\winnt\cursors\tcptapi.exe.  I go to that directory and there is no tcptapi.exe there (Hidden files are being shown).  I do however find a tmp file called ipatpct.tmp.  This cannot be deleted while the tcptapi process is running.  I then log out and access the computer from another computer on the network to delete that tmp file.  So, I now have both the registry key and tmp file deleted, but once I log back in the registry key is back, the process starts back up, and the tmp file has returned.  At least this time I can stop the process without it immediately starting again.  I can remove the tmp file again, along with stopping the process, and removing the registry key, but as soon as I log off and back on, it is back.  Any suggestions?
Question by:goodnetworking
    LVL 18

    Accepted Solution

    Have you tried running AdAware and Spybot on the system to help clean it of any malware crap?




    Run them both in safe mode and normal mode.
    LVL 18

    Expert Comment

    Also make sure you update both programs before running them.

    Author Comment

    Thank you!  After updating Ad-Aware, it found the culprit.  It was some Spyware called Virtomundo.  I believe the file that kept running the process was called tcpole.exe.  It found a couple others related to this spyware also.  It did only find it after the program was updated though.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Product Review - Android Remix

    Come along for the ride with our Senior Product Manager, Brian Matis, as he reviews the Android Remix.

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
    Want to pick and choose which updates you receive? Feel free to check out this quick video on how to manage your email notifications.
    This video discusses moving either the default database or any database to a new volume.

    856 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now