# TPSrv.exe is making my cpu run at 100%



## Keytapper (Jul 31, 2009)

Hi all

Starting about 4 days ago this computer started to run very slowly all the time. Ive checked the task manager repeatedly at different times and its always using 100% of the cpu when Im running nothing at all. I finally saw (after resizing the task manager window I know *bangs head on desk* I didnt know you could see cpu usage for individual processes that ) that TPSrv.exe is jumping from 50% to 99% and more commonly sticks at 99%.
The other processes are at 0% and there are only about 20 others running. It runs slowly even when the phoneline is pulled (I noticed that sometimes improved performance for other people with similar problems).

After researching this online I found out TPSrv.exe can be part of panda antivirus. From what I read I think some malware can hide in it.
We have Tesco Internet Security lock which is powered by Pandasoft. Its the 2006 version and was last updated on the 30th.

Any help you can give would be greatly appreciated. 
Sorry if I've posted too much information.

(Theres a hi jack this log followed by a superanti spyware log at the bottom of this post.)

Just to be absolutely clear my task manager displays it exactly at TPSrv.exe with the first three letters capitalised.

Before I discovered this Id run 2 complete Tesco Internet Security scans which all came up clean. 2 complete superanti spy ware scans, the first of which found 313 tracking cookies.. I told it to quarantine and terminate them Then I got the most up to date version of Spybot search and destroy which found 4 things. I told it to fix them and then immunised. None of this has helped so far.

When I try to terminate TPSrv.exe it says

The operation could not be completed.
A device attached to the system is not functioning

When I try to lower its priority it says 
The operation could not be completed.
Access is denied.

Here are the systems specs
Windows XP Home Edition Version 2002
Service pack 2. 
HP Pavilion
AMD Athlon 64 Processor 3200+
1.99GHZ, 960MB of RAM
Plug and Play Monitor on ATI RADEON XPRESS 200 Series 
56k internet connection

The Tesco internet security lock is our only antivirus program (not counting the separate anti spyware programs). It says there is an error with the protection against unknown threats. Ive ticked every box to protect against all it can but it still says theres an error.
From my own research Ive discovered that other people have been having similar problems but I dont know if things will be the same as on this system.

Some suspicious things I noticed that may be related

First I went into my computer right clicked and went into manage and checked the Event viewer. Under security there were lots of key icons saying success audit All of them recent (from the scanning Ive been doing I assume). 
Amongst these there are incidences of a padlock icon listed as Failure audit. Ill write it as it shows it

Type Date Time Category Event 
(Padlockicon) Failure Audit 31/07/09 01:09:04am Policy change 615

User Computer
Network service YOUR -(computer number)

On the actual page its on one line obviously. The Failure audits are all the same, always Event 615 and always policy changes.. 
When I right click and go to properties this is the exact message I find in the details box

IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This is a potential security hazard to the machine since some network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap in to further diagnose the problem. 
I have no idea how to run the IPSec monitor snap in. I dont know if this IPSec thing is important.

I noticed in the Tesco Internet Security Lock it says error next to protection against unknown threats but I cant find a way to fix it. Im wondering if this is related to the TPSrv.exe
I looked at the View network activity tab in Tescos ISL while I was online. The only thing that seemed unusual was a program NT CLML Server which is apparently from C:\Program files\Cyberlink\PowerCinema\Kernel\CLML_NTService\CLML Server.exe It seems to be a media player (one thats hardly ever been used) I think it came with the computer.

It only has 1 outbound connection and no inbound. When I checked out the file it said it was created in 2006 with no modifications since then so I dont think its anything. Thinking about it is probably nothing, the cpu usage remains the same even when I pull the internet wire.

Secondly I was rebooting windows (the lag had become unbearable) and it said while shutting down that CENTINELVXD was being ended. I know this is something to do with Tesco ISL but I dont know if it was anything important.

HIJACKTHIS LOGFILE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13:28, on 01/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tesco Software\Tesco Internet Security\TPSrv.exe
C:\Program Files\Tesco Software\Tesco Internet Security\pavsrv51.exe
C:\Program Files\Tesco Software\Tesco Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
c:\program files\tesco software\tesco internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Tesco Software\Tesco Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Tesco Software\Tesco Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Tesco Software\Tesco Internet Security\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Tesco Software\Tesco Internet Security\apvxdwin.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Tesco Software\Tesco Internet Security\SRVLOAD.EXE
C:\Program Files\Tesco Software\Tesco Internet Security\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Microsoft Works\WksWP.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Microsoft Works\WkDStore.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/index_narrow.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: askBarUK BHO - {5A074B21-F830-49de-A31B-95DAE6C6136C} - C:\Program Files\AskBarUK\bar\bin\askBar_UK.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar (UK) - {5A074B29-F830-49de-A31B-95DAE6C6136C} - C:\Program Files\AskBarUK\bar\bin\askBar_UK.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Tesco Software\Tesco Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Tesco Software\Tesco Internet Security\Inicio.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBarUK\bar\bin\askBar_UK.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBarUK\bar\bin\askBar_UK.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBarUK\bar\bin\askBar_UK.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBarUK\bar\bin\askBar_UK.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBarUK\bar\bin\askBar_UK.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBarUK\bar\bin\askBar_UK.dll/savewebpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Tesco Software\Tesco Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Tesco Software\Tesco Internet Security\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Tesco Software\Tesco Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\tesco software\tesco internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Tesco Software\Tesco Internet Security\PsImSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Tesco Software\Tesco Internet Security\TPSrv.exe
--
End of file - 9996 bytes

SUPERANTISPYWARE LOGFILE
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/30/2009 at 05:36 PM
Application Version : 4.27.1000
Core Rules Database Version : 4023
Trace Rules Database Version: 1963
Scan type : Complete Scan
Total Scan Time : 02:00:29
Memory items scanned : 550
Memory threats detected : 0
Registry items scanned : 5150
Registry threats detected : 0
File items scanned : 43264
File threats detected : 5
Adware.Tracking Cookie
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt


----------

