Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Internet Being Used Continously


  • Please log in to reply
2 replies to this topic

#1 amitlath

amitlath

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:15 AM

Posted 20 December 2007 - 08:09 AM

Hi,

my internet connection is showing continous data transfer without any input from my side. my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:38 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\utilities\SPF\smc.exe
D:\utilities\Ad-Aware 2007\aawservice.exe
D:\utilities\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
d:\utilities\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
D:\utilities\Kaspersky Anti-Virus 7.0\avp.exe
D:\utilities\Kaspersky Anti-Virus 7.0\avp.exe
D:\utilities\Opera\Opera.exe
D:\utilities\Kaspersky Anti-Virus 7.0\avp.exe
L:\downloads\HiJackThis.exe

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\utilities\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Web Test Recorder Helper - {62355041-605D-4469-84FD-5D66ED67A7E3} - D:\development\Microsoft Visual Studio

8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\utilities\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - D:\development\IEDevToolbar\IEDevToolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\utilities\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SmcService] D:\UTILIT~1\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\utilities\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "D:\utilities\Kaspersky Anti-Virus 7.0\avp.exe"
O8 - Extra context menu item: &Download All with FlashGet - D:\utilities\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\utilities\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\UTILIT~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {0AD401E5-2D78-45B1-B875-07B0F9ED3937} - C:\Program Files\nStuff\Web Development Helper\WebDevHelper.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\utilities\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - D:\development\IEDevToolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\UTILIT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\utilities\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\utilities\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AB24A37-940F-40AD-BC8A-908E72C53D8E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{4666A414-0B3B-4C5A-BF9B-D9C397C67B76}: NameServer = 218.248.255.145,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AB24A37-940F-40AD-BC8A-908E72C53D8E}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: console32 - C:\WINDOWS\SYSTEM32\console32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\utilities\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\utilities\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\utilities\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\utilities\SPF\smc.exe

--
End of file - 5367 bytes


any help would be appreciated.

thanks
amit

BC AdBot (Login to Remove)

 


#2 amitlath

amitlath
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:15 AM

Posted 20 December 2007 - 12:35 PM

looking at the sheer frequency of posts in this forum, i am just bumping my topic..:thumbsup:. if the moderators feel this is inappropriate behaviour, this post may be deleted. thanks.

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:06:45 PM

Posted 02 January 2008 - 12:12 AM

Hello amitlath and welcome to the BC HijackThis forum. If you are still experiencing issues then let's see what else we can find.

WinPFind35u Log -

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Security Settings
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users