Solved

Running process, apsrv.exe, using considerable cpu and ram

Posted on 2004-10-29
356 Views
Last Modified: 2008-02-01
This is a Windows 2000, sp. 4 box. User is complaining it is too slow. Noticed this service running, apsrv.exe in tasks. I cannot find out any information on this service. Did run Adaware. Machine is patched up to date and SAV is up to date and running. Any ideas or help would be appreciated. Here is my hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 2:10:04 PM, on 10/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cusrvc.exe
C:\PROGRA~1\Symantec\SAV8\DefWatch.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\PROGRA~1\Symantec\SAV8\Rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINNT\system32\dpmw32.exe
C:\WINNT\system32\NWTRAY.EXE
C:\PROGRA~1\Symantec\SAV8\vptray.exe
C:\WINNT\addins\apsrv.exe
C:\Program Files\printkey\printkey2000.exe
C:\Program Files\Novell\ZENworks\NALWIN32.EXE
C:\Program Files\Novell\ZENworks\naldesk.exe
M:\Utilities\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\username\LOCALS~1\Temp\bil.dat
O2 - BHO: (no name) - {44E5B409-35A2-4E8D-BF94-344222323A53} - C:\DOCUME~1\username\LOCALS~1\Temp\rvsavaj.dat
O2 - BHO: (no name) - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\INSTAL~1\LOCALS~1\Temp\vrspa.dat
O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\username\LOCALS~1\Temp\bil.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - C:\DOCUME~1\username\LOCALS~1\Temp\bil.dat
O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\username\LOCALS~1\Temp\bil.dat
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\username\LOCALS~1\Temp\bil.dat
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NDPS] C:\WINNT\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec\SAV8\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINNT\system32\zentray.exe
O4 - HKLM\..\Run: [lib] C:\WINNT\Web\printers\lib.exe
O4 - HKLM\..\Run: [*lib] C:\WINNT\Web\printers\lib.exe
O4 - HKLM\..\Run: [*docps] C:\WINNT\inf\docps.exe
O4 - HKLM\..\Run: [*fontutil] C:\WINNT\msagent\intl\fontutil.exe
O4 - HKLM\..\Run: [*javasvr] C:\WINNT\Fonts\javasvr.exe
O4 - HKLM\..\Run: [*mfcxml] C:\WINNT\mfcxml.exe
O4 - HKLM\..\Run: [*libdos] C:\WINNT\Driver Cache\libdos.exe
O4 - HKLM\..\Run: [*runtcp] C:\WINNT\AppPatch\runtcp.exe
O4 - HKLM\..\Run: [*mp3ip] C:\WINNT\Tasks\mp3ip.exe
O4 - HKLM\..\Run: [*apsrv] C:\WINNT\addins\apsrv.exe
O4 - Startup: nalwin32.lnk = C:\Program Files\Novell\ZENworks\NALWIN32.EXE
O4 - Global Startup: captlpt1.bat
O4 - Global Startup: PrintKey.lnk = C:\Program Files\printkey\printkey2000.exe
O4 - Global Startup: NALWIN32.lnk = C:\Program Files\Novell\ZENworks\NALWIN32.EXE
O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ5\Cache\SelectedContextSearch.htm
O9 - Extra button: Novell delivered applications (HKLM)
O12 - Plugin for .spop: C:\Program Files\Plus!\Microsoft Internet\Plugins\NPDocBox.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -

http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37469.2167361111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DCB709B4-4142-411A-8E9F-F265AE2B7BDE} - http://www.myfreecursors.com/cursors/default.cab
0
Question by:dd262
    3 Comments
     
    LVL 65

    Accepted Solution

    by:
    Hello dd262 =)

    First First use msconfig to untick unwanted progrmas as described here >> http://netsquirrel.com/msconfig/
    Download msonfig for 2000 here >> http://www.perfectdrivers.com/howto/msconfig.html
    Then Download these tools and install them:
    ========================================================
    AdAware ==> http://www.spychecker.com/program/adaware.html
    SpyBot  ==> http://www.spychecker.com/program/spybot.html
    CoolWebShredder ==> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
    Stinger ==> http://vil.nai.com/vil/stinger
    ========================================================

    Then Run all of them one by one in safemode and delete everything they detect.
    Then delete the temporary internet files and history of IE
    and run Disk Cleanup on ur hard drive to delete those temp and junk files.
    Restart back in Normal Mode to check for the problems now ??

    If still yes, then Download HijackThis v1.98.2 from here, run it and Save the LOG file:
    http://tools.radiosplace.com/HijackThis.exe

    Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
    and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
    To Fix, check the lines and click on Fix Checked !!

    HJT Log Tutoriol >> http://aumha.org/a/hjttutor.php

    CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
    0
     

    Author Comment

    by:dd262
    OK, I will go ahead and do these steps. I will accept your answer for now and post any pertinent updates later. Thank you for your swift response. :-)
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    :)
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone. Privacy Policy Terms of Use

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Suggested Solutions

    Title # Comments Views Activity
    unable to search  data in SQL 2000 server 10 280
    Group Policy 9 549
    Problems executing VBS script in Windows 2000 16 141
    Windows 16 320
    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    "Disruption" is the most feared word for C-level executives these days. They agonize over their industry being disturbed by another player - most likely by startups.
    This video Micro Tutorial is the first in a two-part series that shows how to create and use custom scanning profiles in Nuance's PaperPort 14.5 (http://www.experts-exchange.com/articles/17490/). But the ability to create custom scanning profiles al…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

    860 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now