Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant Buffer Overflow


  • Please log in to reply
No replies to this topic

#1 sinsanity

sinsanity

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 04 October 2009 - 02:20 AM

Something is causing a 10 percent CPU usage.

Never stops, just keeps repeating over and over.

I have already been through the Spyware/Malware Removal forum and have an all clear on virus, malware and spyware.

This started about three weeks ago and I never had it before.

SystemInternals Process Monitor on auto scroll shows that the following happens 4 or 5 times a second, every second.

______________________________________________________________


System 4 SUCCESS Thread ID: 2496 108 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2496 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2928 108 Process System NT AUTHORITY\SYSTEM

explorer.exe 1608 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33} SUCCESS Desired Access: Read 4020 Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1252623254 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1252626854 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.0.1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.0.1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33} SUCCESS 4020 Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 226, Data: \Device\{F2AB8DFA-84C5-4D8B-985F-E56CFCCD02F5}, \Device\{2C05FD31-C6C0-4295-8994-0544470B4E33}, \Device\NdisWanIp 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2928 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2868 108 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2868 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2960 108 Process System NT AUTHORITY\SYSTEM



______________________________________________________


Can anyone identify what's happening here and let me know how to stop it.


Thanks

Edited by sinsanity, 04 October 2009 - 02:23 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users