CPU goes to 100% when online




    New Member

Hi all,

Whenever I connect to the internet via my DSL connection on SBC, my services.exe goes ballistic. Within 2 minutes of a connection, one or more of my services seems to kick in and hog my CPU. It takes all the CPU usage that is left. If there are no other services or software running, it consumes 100% of my CPU usage and seems to be in an endless loop. I have disconnected the DSL after the problem started, but the problem doesn't stop. Once it kicks in, the only method of stopping it is to reboot. If I boot up with my DSL disconnected, I can compute for days with no problems. But as soon as I connect to the internet, I'm done within 2 minutes.

If I need to send emails, I have to compose them offline, go online and quickly send. In fact, this message was composed entirely offline and cut & pasted within 2 minutes to this forum.

I have surfed the web (at the library) for hours. Thousands seem to have the same problem, but no one has the cure. So before I resort to the ultimate commitment, I hope you have the answer.

Here are my observations:

1) It only occurs when connected to the internet. Internet browser does not have to be active for the problem to occur.

2) I disabled all non-Microsoft services, rebooted and connected to the internet and the problem still occurred.

3) I researched all my running Microsoft services (online at the library) and they all are legitimate. There are no services that seem odd or have an unknown name or author.

4) I have scanned my computer with up to the minute definitions of Panda, McAfee, AVG and Norton AntiVirus. I installed Norton System Works and ran the complete system check up. No viruses, worms, trojans, etc. were found by any of the software programs. However, NSW did stop what it called a worm from transmitting information. Here is the actual message:

Norton Internet Worm Protection has detected and blocked an intrusion attempt.

Intrusion: Portscan.
Risk Level: Mediua
Protocol: UDP
Attacked IP: MAIN(
Attacked Port: 1053.

Based upon this alert, I suspect I may have become a zombie and someone is waiting for a signal from my computer saying I'm online and that person(s) has the capability to do dirty deeds such as send out spam using my IP address. Norton blocked it, but does not recognize whatever program is using the CPU in the 1st place.

5) I have run several malware programs including Ad-Aware, XoftSpy, Microsoft AntiSpyware, TrendMicro AntiSpyware, Norton System Works, and SpyWare Blaster. They all seemed to find some threats, but once deleted, the problem still remained.

6) I have run Registry Cleaner & Registry Mechanic to eliminate any old registry items from software that I know I have deleted. But there is still some that I don't recognize and wonder if they are needed because of other software.

7) When I disabled the DHCP Client service so it would not start up, the problem stopped. However, I could not connect to the internet. Same was true when I disabled the DNS Client. So that made me think that maybe the threat had lodged itself in the DSL software. I uninstalled the software, reinstalled it and whammo....no change. The problem is still there.

I am so frustrated that I'm to the point of reformatting my 80 gig hard drive. Which of course, means reinstalling all my software (much of which I acquired online and don't have the original software) and hoping all my data is readable. You are my last resort.

Here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 4:16:58 PM, on 5/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\NoteTab Light\NoteTab.exe
C:\Documents and Settings\Dad\Desktop\Desktop\Virus & Malware Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bioperformanceproducts.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID
{05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program
O8 - Extra context menu item: &Translate English Word - res://c:\program
O8 - Extra context menu item: Backward Links - res://c:\program
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
O8 - Extra context menu item: Similar Pages - res://c:\program
O8 - Extra context menu item: Translate Page into English - res://c:\program
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {3F7E91A0-E33C-11d5-8736-00010260CD82} (JavaSonics) -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -
O20 - Winlogon Notify: avldr - C:\WINDOWS\
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

I suspect this is an entry in my registry. Again, I sure hope you can find the answer.

Thanks in advance


Edited by TTerry, 14 May 2006 - 04:03 PM.

  • 0
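An added example, not part of the original post: a small Python triage pass over HijackThis entries like those in the log above. It re-joins entries wrapped onto a second line and lists autostart-capable entries (O2, O4, O20, O23) that have no name, no recorded target, or a path that stops short of a file. The flags are structural prompts for manual review chosen for this example, not verdicts; in a pasted log a cut-off path can also be an artifact of how the text was copied.

```python
import re

# Standard HijackThis section codes for autostart-capable entries.
AUTOSTART = {
    "O2": "Browser Helper Object",
    "O4": "Run-key autostart",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Service",
}
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")
BINARY = re.compile(r"\.(exe|dll|ocx|sys)\b", re.I)

# Lines copied from the log in the post, including one wrapped entry.
SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: avldr - C:\WINDOWS\
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
"""

def parse_entries(log_text):
    """Return (code, text) pairs, re-joining entries wrapped onto a second line."""
    entries, open_entry = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
            open_entry = True
        elif line and open_entry:
            entries[-1][1] += " " + line   # continuation of the previous entry
        else:
            open_entry = False             # blank line ends the entry block
    return [tuple(e) for e in entries]

def review_flags(code, text):
    """Structural reasons to look at an entry by hand; not a verdict."""
    flags = ["unnamed"] if "(no name)" in text else []
    if code in AUTOSTART:
        if text.endswith("-"):
            flags.append("no target recorded")
        elif not BINARY.search(text.rpartition(" - ")[2]):
            flags.append("incomplete path")
    return flags

def triage(log_text):
    """Return (code, kind, flags, text) for every entry with at least one flag."""
    rows = [(c, AUTOSTART.get(c, "other"), review_flags(c, t), t)
            for c, t in parse_entries(log_text)]
    return [r for r in rows if r[2]]
```

Calling `triage(SAMPLE)` returns the unnamed BHO, the `avldr` Winlogon Notify entry and the LexBce service entry; each is then checked by hand against the registry key and the file on disk.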




    New Member

  • Topic Starter
Hi all,

I know you're all super busy helping as many as you can. But I posted here on May 14th and alas no reply. I am desperate. Please respond. I don't want to resort to the ultimate reformat.


  • 0
