Author Topic: Broadband Disconnect, CPU at 30-50% when idle, Event 615 IPsec services failed.  (Read 4277 times)

0 Members and 1 Guest are viewing this topic.

Tobias4051

  • Guest
PC info:
XP home SP3
Dual core processor
Browser: Firefox 20
Wired internet, not wireless.

Hi,
Please can you help solve this mystery? Opinions are welcome about either of the issues here.
What happened:
- I was looking at a website for a well known large online shop, I have used the site many times before. I was using a non-admin account.
- Lost broadband and got a message bubble "network cable is unplugged" the cable was fine, and it had not been knocked.
- Opened Task Manager, CPU usage % at the bottom was around 40% but only 5% was being used in the processes list.
- Closed brower, CPU still at 30-50% but processes list only had "system idle process" 99%.
- Unplugged cable from router to PC. Task Manager looked the same.
- Logged out of windows. Logged in as admin. Task manager still showing 30-50% usage with only "system idle process" 99% in the list. "Show processes from all users" is ticked.
- Ran: Avast memory scan (only showed the usual two false positive msmpeng.exe Defender entries), Avast full scan, Malwarebytes full scan, Defender full scan, HijackThis, all OK.
- Re-started PC. CPU% was back to normal.
- Checked event logs. For the time when I lost internet there was an entry that said:
Quote
Failure Audit
Event ID: 615
User: NT AUTHORITY\NETWORK SERVICE
IPsec services failed to get a complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the IPsec filters. Please run IPsec monitor snap-in to further diagnose the problem.

- Ran Avast boot scan - nothing found.
- Checked router logs, they didn't go back far enough (only 2 hours)
- Undated and ran MBAM & Defender full scans again,  updated Avast and did a boot scan again, nothing found.
- From here: http://technet.microsoft.com/en-us/network/214ce7bf-7e9d-4c44-b55d-fb829a9af320
I did this:
Quote
Q. How can I tell which IPsec filter lists are active based on the IPsec policy applied to my computer?
A. You can view the IPsec filter list with the IP Security Monitor snap-in provided with Windows XP and Windows Server 2003. To add the IP Security Monitor snap-in, do the following:
    Click Start, click Run, type MMC, and then click OK.
    Click File, click Add/Remove Snap-in, and then click Add.
    Click IP Security Monitor, and then click Add.
    Click Close, and then click OK.
To view the IPsec filter list, you need to open the Main Mode and Quick Mode folders in the console tree. In the Main Mode folder, click Specific Filters to view the filters in the IPsec filter list that require security., In the Quick Mode folder, click Specific Filters to view all of the filters in the IPsec filter list. For more information about the IPsec filter list, see IPsec Filter Ordering.
When I click the folders under Main Mode or Quick Mode it says:
"There are no items to show in this view"


PC seems to be behaving normally now. However I'm sure sure what happened or if it is secure.

Q 1. Any ideas what may have been causing the high CPU usage?

Q 2. Could the Event:615 "IPsec services failed..." be the cause, or a symptom of the broadband disconnect?

Q 3. What is IPsec? Why would I need it?
Is IPsec something for specific PC or network setups that might not be relevant to everyday use?

Q 4. Any suggestions what to do next?

Many thanks for any opinions.
« Last Edit: May 14, 2013, 01:34:25 PM by Tobias4051 »

Johnny4745

  • Guest
PC info:
XP home SP3
Dual core processor
Browser: Firefox 20
Wired internet, not wireless.

When I click the folders under Main Mode or Quick Mode it says:
"There are no items to show in this view"


PC seems to be behaving normally now. However I'm sure sure what happened or if it is secure.

Q 1. Any ideas what may have been causing the high CPU usage?

Q 2. Could the Event:615 "IPsec services failed..." be the cause, or a symptom of the broadband disconnect?

Q 3. What is IPsec? Why would I need it?
Is IPsec something for specific PC or network setups that might not be relevant to everyday use?

Q 4. Any suggestions what to do next?

Many thanks for any opinions.

From what I read you have to have XP Pro in order to view items in Main Mode and Quick Mode.  Auditing has to be enabled, and it can't be enabled in XP Home.

I have lost my broadband connection before but I never received that message.

I don't know if this will apply to you because I''m running Windows 7, but instead of using Main Mode, and Quick mode, you should still be able to see what is going on by viewing Network Connections in Windows Firewall.

Try this:
Right click on the Taskbar, and then click on Start Task Manager.  Click on the Performance tab, and then click on Resource Monitor.  Then click the Network tab.

By the way, high CPU usage at idle is normal.


Tobias4051

  • Guest

From what I read you have to have XP Pro in order to view items in Main Mode and Quick Mode.  Auditing has to be enabled, and it can't be enabled in XP Home.

I have lost my broadband connection before but I never received that message.

I don't know if this will apply to you because I''m running Windows 7, but instead of using Main Mode, and Quick mode, you should still be able to see what is going on by viewing Network Connections in Windows Firewall.

Try this:
Right click on the Taskbar, and then click on Start Task Manager.  Click on the Performance tab, and then click on Resource Monitor.  Then click the Network tab.

By the way, high CPU usage at idle is normal.
Thanks for the reply and suggestions.

- I didn't know that XP pro is needed to see the IPsec monitor details thanks for that info.

- I have also lost connection before without the Event 615 message, this lead me to believe it may about the cause. Although I'm not sure what the error mesage means (in everyday terms). Or even if it is something to be concerned about in this instance.

- I see no link for network connections infomation in the XP firewall. There seems to be more info in windows 7.

- Thanks for the idea, about looking in the Resource Monitor through task manager, however I see no Resource Monitor button in XP.

- The high CPU% seemed unusal as that machine when idle usually runs with the CPU at about 1-2%.
In this case after the broadband disconnect I noticed the CPU usage at about 40% with nothing in the processes list to explain it.
After I closed the browser the CPU usage still said about 40% so I unplugged the net cable (this was after the "cable is unplugged" bubble)
Then logged off, and logged on as admin and still the CPU usage was between 30-50% with nothing in the processes list to explain it.

After a restart the CPU usage was back to around 1-2% when idle.

I called the broadband provider, the disconnect was not to do with them.



Q.s
What are some possible causes of a mystery CPU usage of about 40%?

After scanning with MBAM, Defender, Avast, HJT, and looking in the event logs, is there anything else I could do or check for?

My concern is that malware may have caused this and is now hiding somewhere on the machine. Is this possible?


Thanks for ideas and opinions.



Edit:
Found something in the event log that might be relevant.

Event ID 194
Source atcL001
Error
The description for Event ID (194) in source (atcL001) cannot be found....

Any ideas what this might be referring to?
Many Thanks.
« Last Edit: May 16, 2013, 02:09:33 AM by Tobias4051 »