
Unauthorised broadband usage every 5mins.


17 replies to this topic

#1 georgehifi

georgehifi

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 06 February 2014 - 10:26 PM

Hi, I have spikes of unauthorised internet usage every 5-8 mins for about 20 seconds with about 20kb data involved. Nasdaq told me to post a MiniToolBox log here to see who can help me find out what it is, as he has tried everything here on this thread http://www.bleepingcomputer.com/forums/t/521772/internet-usage-is-too-high-viruses/

 

Cheers George

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by George (administrator) on 07-02-2014 at 14:14:06
Running from "C:\Users\George\Documents\George's PC Tools\Beeping Computer Scans with Logs"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Hardware not present)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
add address name="VMware Network Adapter VMnet8" address=192.168.246.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.86.1 mask=255.255.255.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : George-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-1D-7D-D6-19-EB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, 7 February 2014 10:37:28 AM
   Lease Expires . . . . . . . . . . : Friday, 7 February 2014 2:54:19 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 211.29.132.12
                                       198.142.0.51
                                       198.142.235.14
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:34b7:a9c:2310:103e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::34b7:a9c:2310:103e%15(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{C8CF608F-B5C1-4C8C-AA2A-ACEE05E29B72}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns.mas.optusnet.com.au
Address:  211.29.132.12

Name:    google.com
Addresses:  2404:6800:4006:806::1008
   74.125.237.194
   74.125.237.192
   74.125.237.197
   74.125.237.198
   74.125.237.206
   74.125.237.195
   74.125.237.199
   74.125.237.201
   74.125.237.200
   74.125.237.196
   74.125.237.193

Pinging google.com [74.125.237.192] with 32 bytes of data:
Reply from 74.125.237.192: bytes=32 time=9ms TTL=54
Reply from 74.125.237.192: bytes=32 time=9ms TTL=54

Ping statistics for 74.125.237.192:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 9ms, Average = 9ms
Server:  dns.mas.optusnet.com.au
Address:  211.29.132.12

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=260ms TTL=42
Reply from 98.139.183.24: bytes=32 time=213ms TTL=43

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 213ms, Maximum = 260ms, Average = 236ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 1d 7d d6 19 eb ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    276
     192.168.0.10  255.255.255.255         On-link      192.168.0.10    276
    192.168.0.255  255.255.255.255         On-link      192.168.0.10    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.10    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.10    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:9d38:90d7:34b7:a9c:2310:103e/128
                                    On-link
 15    306 fe80::/64                On-link
 15    306 fe80::34b7:a9c:2310:103e/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/06/2014 03:26:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary acuhevgo.

System Error:
The system cannot find the file specified.
.

Error: (02/06/2014 03:26:02 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {18b4e40e-c670-4090-ac96-fa63e3df8556}

Error: (02/06/2014 03:16:03 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {807b9032-463d-4a4b-a5fd-5e69a8a5db85}

Error: (02/06/2014 09:36:43 AM) (Source: Brother BrLog) (User: )
Description: WIA BrtWIA: [2014/02/06 09:36:43.165]: [00001496]: Releasing IDrvItemRoot interface

Error: (02/06/2014 09:36:43 AM) (Source: Brother BrLog) (User: )
Description: WIA BrtWIA: [2014/02/06 09:36:43.165]: [00001496]: Unlinking WIA item tree

Error: (02/06/2014 09:36:42 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/02/06 09:36:42.510]: [00001496]: CUsbScnDev: DeviceIoControl Illegal response

Error: (02/06/2014 09:34:17 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/02/06 09:34:17.753]: [00001496]: CBrUsbSti: GetDevCapa Failed.

Error: (02/06/2014 09:33:47 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/02/06 09:33:47.504]: [00001496]: CBrUsbSti: GetDevCapa Failed.

Error: (02/06/2014 09:33:47 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/02/06 09:33:47.379]: [00001496]: CBrUsbSti: GetDevCapa Failed.

Error: (02/06/2014 09:32:27 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/02/06 09:32:27.952]: [00001496]: CBrUsbSti: GetDevCapa Failed.

System errors:
=============
Error: (02/07/2014 09:39:13 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (02/07/2014 07:31:33 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/06/2014 09:45:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/06/2014 03:42:54 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (02/06/2014 03:20:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/06/2014 08:14:17 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (02/06/2014 06:52:20 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/05/2014 05:35:43 PM) (Source: DCOM) (User: George-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}George-PCGeorgeS-1-5-21-1753810080-3305130814-2711033095-1000LocalHost (Using LRPC)

Error: (02/05/2014 05:30:18 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (02/05/2014 05:30:18 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================
Error: (02/06/2014 03:26:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary acuhevgo.

System Error:
The system cannot find the file specified.

Error: (02/06/2014 03:26:02 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {18b4e40e-c670-4090-ac96-fa63e3df8556}

Error: (02/06/2014 03:16:03 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {807b9032-463d-4a4b-a5fd-5e69a8a5db85}

Error: (02/06/2014 09:36:43 AM) (Source: Brother BrLog)(User: )
Description: WIABrtWIA: [2014/02/06 09:36:43.165]: [00001496]: Releasing IDrvItemRoot interface

Error: (02/06/2014 09:36:43 AM) (Source: Brother BrLog)(User: )
Description: WIABrtWIA: [2014/02/06 09:36:43.165]: [00001496]: Unlinking WIA item tree

Error: (02/06/2014 09:36:42 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/02/06 09:36:42.510]: [00001496]: CUsbScnDev: DeviceIoControl Illegal response

Error: (02/06/2014 09:34:17 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/02/06 09:34:17.753]: [00001496]: CBrUsbSti: GetDevCapa Failed.

Error: (02/06/2014 09:33:47 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/02/06 09:33:47.504]: [00001496]: CBrUsbSti: GetDevCapa Failed.

Error: (02/06/2014 09:33:47 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/02/06 09:33:47.379]: [00001496]: CBrUsbSti: GetDevCapa Failed.

Error: (02/06/2014 09:32:27 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/02/06 09:32:27.952]: [00001496]: CBrUsbSti: GetDevCapa Failed.

**** End of log ****


Edited by georgehifi, 06 February 2014 - 10:28 PM.




#2 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 06 February 2014 - 11:25 PM

Minitoolbox will not tell you what is happening, so really unneeded.  Need the router log example, showing what is calling out on the router, and what port it is using.  If this is happening when the computers and everything else is off, then it is either the router, a Satellite box, Alarm panel, or something else you allowed to connect to your network.

 

So shut down the computers for a day, then see if this problem is in the router log during that time.  If you have wireless, make sure you are using a good password for protecting your wifi network.  If someone is giving out the password, even after you change it and tell that person, then you know who is the culprit.

 

What is the manufacturer & model of your router, and who is your ISP?



#3 georgehifi

georgehifi
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 07 February 2014 - 02:14 AM

It's the computer, as I posted a screen shot of Windows network resource monitor in the other thread, now I can't post it again for some reason.

But here is the link to it http://www.bleepingcomputer.com/forums/uploads/monthly_01_2014/post-874291-0-91518800-1390952731.jpg

 

Cheers George  


Edited by georgehifi, 07 February 2014 - 03:35 AM.


#4 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 07 February 2014 - 08:20 AM

If svchost.exe is still showing high use, you are most likely still infected.  Use FRST, ADW, to first go through a cleaning & checking process.



#5 georgehifi

georgehifi
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 07 February 2014 - 02:48 PM

Greg, Nasdaq got me to run at least 6 programs including FRST and ADW and post all the logs, if you have a look at the thread he moved me from to here http://www.bleepingcomputer.com/forums/uploads/monthly_01_2014/post-874291-0-91518800-1390952731.jpg

 

He thought maybe this forum would have some different method of finding this bug/virus or whatever it is.

 

Cheers George



#6 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:38 PM

Posted 07 February 2014 - 03:35 PM

george, you said you had the same issue as someone else. His was lagging out his internet for everyone. Is yours lagging out? What made you notice this was happening?

 

If you open Resource Monitor (RM) and Task Manager (TM) and go to the Services tab, you can look at the PID in RM that is using the net and look in TM Services for that PID and see what service is doing it.  The Services tab will give a description of the service.

 

If they have cleared you for virus/malware infection I think you'll find that it's just normal "keep alive" type traffic that your PC uses to make sure it stays connected to the net in some way, shape or form. Unless it is lagging your network.


Edited by CaveDweller2, 07 February 2014 - 03:36 PM.

Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College
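The PID-to-service lookup described in the post above can also be done from saved command output instead of by eye. This is an added example, not part of the original thread: it parses `netstat -ano` and `tasklist /svc /fo csv` text and lists which process and hosted services own each established outbound connection. The sample output, addresses and PIDs are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       788
  TCP    192.168.0.10:49201     203.0.113.25:443       ESTABLISHED     1032
  TCP    192.168.0.10:49207     198.51.100.7:80        TIME_WAIT       0
  TCP    192.168.0.10:49210     203.0.113.40:80        ESTABLISHED     2456
  UDP    0.0.0.0:5355           *:*                                    1260
"""

# Constructed sample of `tasklist /svc /fo csv` output.
TASKLIST_SAMPLE = '''\
"Image Name","PID","Services"
"svchost.exe","788","RpcEptMapper,RpcSs"
"svchost.exe","1032","BITS,wuauserv,Schedule"
"svchost.exe","1260","Dnscache,CryptSvc"
"browser.exe","2456","N/A"
'''


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":  # UDP rows have no State column
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # headers, blank lines, anything unrecognised
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """Map PID -> (image name, [service names]) from `tasklist /svc /fo csv`."""
    table = {}
    for rec in csv.DictReader(io.StringIO(text)):
        raw = rec["Services"]
        services = [] if raw == "N/A" else [s.strip() for s in raw.split(",")]
        table[int(rec["PID"])] = (rec["Image Name"], services)
    return table


def external_talkers(netstat_text, tasklist_text):
    """List (remote, pid, image, services) for established connections leaving the host."""
    procs = parse_tasklist(tasklist_text)
    found = []
    for row in parse_netstat(netstat_text):
        host = row["remote"].rsplit(":", 1)[0]
        if row["state"] != "ESTABLISHED" or host in ("0.0.0.0", "127.0.0.1", "[::]", "[::1]", "*"):
            continue
        image, services = procs.get(row["pid"], ("<unknown>", []))
        found.append((row["remote"], row["pid"], image, services))
    return found


def tally(snapshots):
    """Count how often each process talks out across several (netstat, tasklist) snapshots."""
    counts = Counter()
    for netstat_text, tasklist_text in snapshots:
        for _remote, _pid, image, services in external_talkers(netstat_text, tasklist_text):
            counts[(image, ",".join(services))] += 1
    return counts


if __name__ == "__main__":
    for remote, pid, image, services in external_talkers(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{remote:22} PID {pid:<5} {image:12} {', '.join(services) or '-'}")
```

One svchost.exe PID usually hosts several services, so the lookup narrows the candidates rather than naming a single one. Taking snapshots during several spikes and passing them to `tally` shows which process keeps reappearing.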


#7 georgehifi

georgehifi
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 07 February 2014 - 04:50 PM

 I think you'll find that it's just normal "keep alive" type traffic that your PC uses to make sure it stays connected to the net in some way shape or form.

 

Thanks CaveDweller2, so you think this usage spike every 5-10 mins is just normal Windows (keep alive) connection processes?   http://www.bleepingcomputer.com/forums/uploads/monthly_01_2014/post-874291-0-91518800-1390952731.jpg

 

Can someone here see if it's happening to them with Windows 7 Resource Monitor?

 

I have no lagging of my internet, as for the PID there are many of them when this usage spike starts and they are off and on for seconds each so it's hard to tell what's doing what. 

 

Cheers George



#8 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:38 PM

Posted 07 February 2014 - 05:33 PM

I'm not sure, george, but I don't see anything that strange in RM. Below is a screen cap of mine with my services. All of that is about keeping my PC talking on a network. Hence I suggested you do the same thing so you can see what they are. And yes, my name is Tom =)

 

Capture_zpsace51a85.jpg


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#9 georgehifi

georgehifi
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 07 February 2014 - 05:45 PM

So the massive network usage spike in the graph that you can see, that's not in your pic, is not a worry? This happens every 5-10 mins, 10-20 sec duration and over 10kb in size.

 http://www.bleepingcomputer.com/forums/uploads/monthly_01_2014/post-874291-0-91518800-1390952731.jpg

 

 

Cheers George


Edited by georgehifi, 07 February 2014 - 05:45 PM.


#10 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:38 PM

Posted 07 February 2014 - 05:55 PM

If they have cleared you from having some sort of malware on your PC then no, I wouldn't worry. If you want to continue to worry about it then feel free. Yours is not causing you lag. Is anything acting weird?  Your PC and mine are different. We have different things installed. So they are going to act and show different things. Again, open the Services tab so you can see what they are and, if you want, research them. I think you'll find they are all normal for Win7.

 

Take a screenshot like I did showing RM and the Services tab. Then boot into safe mode with networking and take another screenshot just like the one you just did. See if you are still getting the spike. If yes, post both screenshots.


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#11 georgehifi

georgehifi
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 07 February 2014 - 06:02 PM

For some reason I cannot post screen shots anymore, looks like it was just the once then the forum barred me from doing it. 

 

Are you getting any usage spikes in idle mode if you watch the Resource Monitor Network usage graph over, say, a 15 min period?

 

Cheers George



#12 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:38 PM

Posted 07 February 2014 - 07:39 PM

george, you are looking for the exact cause of this, right? Then you have to do some work. Disable your network card and look at the services. Enable it, look again and compare them. Do the same thing in normal and safe mode with networking. Did you boot into safe mode with networking to see if it still spikes?

 

OR

 

If it's not bothering ANYTHING else on your computer OR your surfing then forget about it and move on with your life.


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#13 georgehifi

georgehifi
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 07 February 2014 - 08:07 PM

Yes, even in safe mode with networking it was dead quiet then spiking and using the network, but I must say the period between usage time doubled to around every 10-15 mins.

 

As for forgetting about it, something I believe from Windows itself is trying to converse back to somewhere else, without my knowledge. Sure I'm going to be bothered about it, wouldn't you? And if you Google it, there's a lot of it going on out there. Thanks for your help anyway CaveDweller2, maybe Apple is the answer, or maybe not.

 

 

Cheers George     



#14 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:38 PM

Posted 07 February 2014 - 08:18 PM

I gave you what you have to do, I can't do it, your system is different than anyone else's. See what is running and research it. do a netstat -a and have a look. Download Wireshark and run it on your interface. Look at all the packets when you're just sitting at idle. 100's of packets are sent just to make sure you're still connected. 

 

And no, as long as I know I am malware free, it wouldn't bother me, if it did I would disable my network card when I went to bed or turn my router off or something like that.


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College
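Once a capture has been taken at idle, as suggested in the post above, the recurring spike can be measured rather than watched. This is an added example, not part of the original thread: it groups packet records into bursts, reports how regular the gap between bursts is, and names the remote address that carries most of the bytes. The records are constructed, and the (time, remote address, bytes) layout is an assumed export format.

```python
from statistics import mean, pstdev

# Constructed records: (seconds since capture start, remote address, bytes).
# Addresses are from documentation ranges; this is not data from the thread.
PACKETS = [
    (0.0, "203.0.113.25", 1500), (4.0, "203.0.113.25", 9000), (18.0, "203.0.113.25", 9500),
    (130.0, "192.168.0.1", 120),                       # small background chatter
    (330.0, "203.0.113.25", 2000), (345.0, "203.0.113.25", 18000),
    (700.0, "203.0.113.25", 20000),
    (1010.0, "203.0.113.25", 4000), (1025.0, "203.0.113.25", 16500),
]


def group_bursts(packets, gap=30.0, min_bytes=10_000):
    """Merge packets separated by <= gap seconds into bursts; drop bursts below min_bytes."""
    bursts = []
    for ts, remote, size in sorted(packets):
        if bursts and ts - bursts[-1]["end"] <= gap:
            burst = bursts[-1]
            burst["end"] = ts
            burst["bytes"] += size
            burst["remotes"][remote] = burst["remotes"].get(remote, 0) + size
        else:
            bursts.append({"start": ts, "end": ts, "bytes": size,
                           "remotes": {remote: size}})
    return [b for b in bursts if b["bytes"] >= min_bytes]


def periodicity(bursts):
    """Return (mean interval in seconds, coefficient of variation) of burst starts, or None.

    A coefficient of variation near 0 means the bursts run on a timer;
    traffic driven by user activity gives a much larger value.
    """
    starts = [b["start"] for b in bursts]
    gaps = [later - earlier for earlier, later in zip(starts, starts[1:])]
    if len(gaps) < 2:
        return None  # too few bursts to say anything about regularity
    avg = mean(gaps)
    return avg, pstdev(gaps) / avg


def top_remote(bursts):
    """Remote address that carried the most bytes across all bursts."""
    totals = {}
    for burst in bursts:
        for remote, size in burst["remotes"].items():
            totals[remote] = totals.get(remote, 0) + size
    return max(totals, key=totals.get) if totals else None


if __name__ == "__main__":
    found = group_bursts(PACKETS)
    avg, cv = periodicity(found)
    print(f"{len(found)} bursts, mean interval {avg / 60:.1f} min, variation {cv:.2f}")
    print("most bytes exchanged with", top_remote(found))
```

A reverse lookup or WHOIS query on the address returned by `top_remote` then shows who the machine is talking to during each spike.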


#15 georgehifi

georgehifi
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 07 February 2014 - 09:26 PM

Thanks anyway, we're just going down the same path again, I'll just have to learn to live with it till someone finds the answer, as I said there's a lot of talk about it so someone with knowledge on this will hopefully find the answer.

 

Thanks George  





