For Chaslang re. CPU @ 100% & No Internet

Discussion in 'Malware Help (A Specialist Will Reply)' started by gnanos, Oct 1, 2005.

  1. gnanos

    gnanos Private E-2

    CPU @ 100% & No Internet

    I'm on an XP (Home) sp2 machine & when I fired it up yesterday, it couldn't access the internet via Direcway satellite & was running slowly w/ cpu utilization @ 100%.
    I've run everything from the 'read me first' list that could be downloaded on another machine & transferred via floppy to the sick one. Nothing found. Also ran HijackThis & had it analyzed with only one thing being suspect. I had HijackThis fix that & rebooted but to no avail.
    Any suggestions?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: CPU @ 100% & No Internet

    Are you sure the problem is not a configuration issue with how you set up your connection for your ISP?

    What process is using all the CPU time?

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. gnanos

    gnanos Private E-2

    Re: CPU @ 100% & No Internet

    Thanks for the reply.

    I'm sure it's not my isp connection because a) I've been using the same configuration w/ Direcway for about 2 years w/o changing anything, and b) I was on the phone w/ them for hours yesterday & they ran me thru tier 1 and tier 2 support.

    The process that's gobbling up all my cycles is an iteration of svchost.exe. Sorry I don't know what sub-processes that's handling.

    I've attached the hijackthis log file. The previous time I ran it, I was using the prior version. This time I got more hits.

    Again, thanks for your assistance.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: CPU @ 100% & No Internet

    You must run ALL steps in the READ ME. You have not run step 1 of the cleaning process (the online scanners).

    Also you have Grokster installed which you should uninstall. The below is part of it:

    O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe

    You should have HJT fix this line and reboot in safe mode and delete that file.

    Also uninstall Vbounce or Virtual Bounce and delete its files:

    O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE

    You should have HJT fix this line and reboot in safe mode and delete that file.

    After doing the above post a new HJT log and let me know if there is any change.
     
  5. gnanos

    gnanos Private E-2

    Re: CPU @ 100% & No Internet

    I can't run the online scanners if I can't get online.

    I've done the other stuff you mentioned, but still no change when I boot up.

    I'm attaching a new hijackthis log.

    Thanks.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: CPU @ 100% & No Internet

    Do you use AOL to get online? You mentioned DirecWay before.

    Is the below ProxyServer setting part of DirecWay?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83

    The IP addresses shown on the O17 line all appear to belong to:
    Code:
    OrgName:    Level 3 Communications, Inc.
    OrgID:      LVLT (http://ws.arin.net/cgi-bin/whois.pl?queryinput=O%20!%20LVLT)
    Address:    1025 Eldorado Blvd.
    City:       Broomfield
    StateProv:  CO
    PostalCode: 80021
    Country:    US
     
    Is this part of your ISP?

    There are no real signs of malware in your log! This does not necessarily mean your system is clean. Still sounds like something messed up your configuration. Can you boot in safe mode and get access? If your ISP software requires any special drivers, you may not be able to. If your connection is via satellite perhaps your problem is not in a configuration setting, maybe it is a hardware problem. How did they verify that there is connectivity to your PC?
     
  7. gnanos

    gnanos Private E-2

    Re: CPU @ 100% & No Internet

    Hi, chaslang.

    I went to Level 3 Comm's website & didn't recognize anything I use. It's definitely not related to direcway. I use Direcway exclusively to access the internet. I upgraded to AOL v9 a couple of months ago & they loaded me up with all kinds of stuff!

    The proxy setting IS a direcway entry.

    When I boot in safe mode, I still have the same problem with not being able to access the internet via my browser. However, even when I boot normally, I can ping external addresses. I think the problem is somewhere between the isp & my browser. The hardware passes all their diagnostics.

    So, passing diagnostics, ability to ping, & the svchost process grabbing all my cpu cycles lead me to believe that there's something funky going on in my system.

    Thanks.
    G.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: CPU @ 100% & No Internet

    Can you access sites using IP address rather than URLs?


    Are the below IP addresses used in your internal network (if you have one)?
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1FEDB7E3-4D92-4864-85B8-BD17F51E0A6B}: NameServer = 198.77.116.8,198.77.116.12,198.77.116.12 198.77.116.8 198.77.116.8,198.77.116.12 198.77.116.8 198.77.116.8,198.77.116.12

    If not, have HJT fix that O17 line. Then reboot and make sure it does not come back.
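
An added example, not part of any post in this thread: a Python check over the two HijackThis lines quoted above (the R1 ProxyServer entry and the O17 NameServer entry) that de-duplicates the resolver list and reports each address and proxy target for review. The function name and the `expected_dns` allowlist are assumptions of this example; HijackThis has no such option.

```python
import ipaddress
import re

# The two log lines quoted in this thread, copied as posted.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FEDB7E3-4D92-4864-85B8-BD17F51E0A6B}: NameServer = 198.77.116.8,198.77.116.12,198.77.116.12 198.77.116.8 198.77.116.8,198.77.116.12 198.77.116.8 198.77.116.8,198.77.116.12
"""

O17_RE = re.compile(r"^O17 - .+?: NameServer = (?P<servers>.+)$")
PROXY_RE = re.compile(r"^R[01] - .+,ProxyServer = (?P<value>.+)$")


def review_hjt_network(log_text, expected_dns=()):
    """Return findings for the O17 (DNS) and R0/R1 (proxy) lines of an HJT log.

    expected_dns (hypothetical parameter) is the reviewer's own list of
    resolvers that belong to the ISP or the local network.
    """
    expected = {ipaddress.ip_address(a) for a in expected_dns}
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            # HJT prints the raw registry string; commas and spaces may be mixed.
            raw = [t for t in re.split(r"[,\s]+", m["servers"]) if t]
            unique = sorted({ipaddress.ip_address(t) for t in raw})
            for ip in unique:
                if ip not in expected:
                    scope = "private" if ip.is_private else "public"
                    findings.append(("dns-unexpected", str(ip), scope))
            if len(raw) != len(unique):
                findings.append(("dns-duplicates", len(raw), len(unique)))
        m = PROXY_RE.match(line)
        if m:
            # Values look like "http=127.0.0.1:83" or "host:port", ';'-separated.
            for part in m["value"].split(";"):
                host, sep, port = part.strip().split("=")[-1].rpartition(":")
                if not sep:  # no port given; 0 marks "unspecified"
                    host, port = port, "0"
                try:
                    local = ipaddress.ip_address(host).is_loopback
                except ValueError:
                    local = host.lower() == "localhost"
                # A loopback proxy only works while a local program listens on that port.
                kind = "proxy-loopback" if local else "proxy-remote"
                findings.append((kind, host, int(port)))
    return findings
```
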
     
  9. gnanos

    gnanos Private E-2

    Greetings, Chaslang.
    You were working w/ me at the beginning of the month re my cpu/internet problem. I was away from home on an extended business trip & just returned home to find my thread archived from the "Spyware Specific" forum.

    I found it in the archives as #7776 (entitled "CPU @ 100% & No Internet") & performed the action you specified but with no success. Same symptoms exist. Do you have any more suggestions?

    I'm attaching the latest hjt log & a copy of the archive.

    Thanks.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Answer what I asked in my last message! We combine you back into the original thread. You should not have started a new thread.
     
  11. gnanos

    gnanos Private E-2

    The answer is no.

    Also, sorry about the new thread. Can you tell me where we are told that archived threads will be recombined with new posts? I must have missed that. I don't want to violate any other rules in the future.

    Thanks.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No to both questions?

    It is just standard operating procedure in almost every forum. Once you start a thread for a particular problem, you should stay in that thread until the problem is resolved. It keeps the history for your problem in one place. Also, it prevents us and you from wasting time since most new threads will be met by a boilerplate message telling you to run the READ & RUN ME sticky.

    It is not a violation of a rule, it is just better for all of us and keeps things more organized. If your problem was fixed and then later you came back with a different problem or a different PC with a problem then a new thread would be appropriate. But be aware that the READ & RUN ME should always be run before posting. It does not take very long for systems to get badly infected. So if you were clean and running okay one day and then the next day have problems, the READ ME should be run again (even if only run the day before) to sort out anything new.

    I'm a little confused as to what your exact problem is too.
    1) Can you access the internet at all via a browser? Did you try using both URL's and IP addresses?

    2) You said you could ping. What address were you pinging? Was it an external address?

    3) Are you sure you do not have some kind of configuration problem?

    4) Are you sure the AOL stuff you installed did not mess with a required configuration setting?
     
    Last edited: Oct 22, 2005
  13. gnanos

    gnanos Private E-2

    No to both questions. I cannot access sites using ip address OR url. Also, I have no internal network. I had HJT fix that line (O17) & it didn't come back.

    Here's the problem. One day about a week after I upgraded from AOL 8 to AOL 9, my computer suddenly started giving me messages that I had never seen before when it booted up. One was that the Direcway navigator could not properly initialize and the other was that Symantec Email proxy could not scan email because the network was not properly configured. (I have since removed AOL 9 but it hasn't helped.)

    Along with this, the cpu was pegged at 100% w/ virtually all cycles going to a system svchost.exe process. The same thing happens when I boot up in safe mode. When this happened to me about 10 months ago, you had me run LSP Fix & delete an item. Now, though, it just shows mswsock.dll & winrnr.dll which I assume are normal. So I didn't do anything about them.

    To answer your 4 questions below:

    1) Cannot access internet via a browser using ip address or url.

    2) Pinged an external address per the request of the Direcway customer support person I was working with. When I told them about the cpu problem and after their diagnostics identified no problems, they ended the call telling me that I had problems other than with their connection. That makes sense to me.

    3) As sure as I can be that it's not a configuration problem. I had been using AOL 9 for a week with no problems. Also, all I did was boot up the system one day & there was the problem with no changes to anything.

    4) See #3 above. Also, I de-installed AOL 9 & it's not helped.

    Thanks.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Still sounds like a configuration issue to me and this probably no longer belongs in the Spyware Forum. You may want to check for things like below:

    - hardware problem: do you have a network card in your PC? Is it showing up properly in Device Manager without any errors? Maybe you need to reload your drivers. Does it show that it actually has network connectivity?

    - maybe you need to uninstall your Direcway software, reboot and reinstall and reconfigure (if you have not already done this).

    - Maybe a tool like XP TCP/IP Repair or this WinSock XP Fix 1.2 would help if the problem is really related to a broken LSP stack.
     
