| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 76723 | 2007-02-13 13:03:00 | unknown internet traffic | bpt2 (6653) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 524516 | 2007-02-13 13:03:00 | I have broadband connection and recently noticed that when I turn on the pC I start uploading data at 8-9 kb/s (as shown on netmeter) without opening any internet program. How can I identify what program is communicating with the internet? Attached is a log report from hijack this. Thanks for any help Logfile of HijackThis v1.99.0 Scan saved at 11:21:10 PM, on 13/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\ZoneTick\zonetick.exe C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WinKey\WinKey.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\Fast.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\All Users\Documents\NetMeter\NetMeter.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Utilities\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comstech.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Comstech Internet Services O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file) O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll (file missing) O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file) O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT6\PRMTIE\prmtie.dll O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Glide] glidew32.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Net Activity Diagram] C:\Program Files\Net Activity Diagram\nad.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office11\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDFConverter 2.0 Professional\PDFConv\IEShellExt.dll /100 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Whois - {11E47140-F946-4049-B038-AB77CAA0480B} - C:\Program Files\Whois Web\WWtoolbar.htm O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU) O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net O17 - HKLM\System\CCS\Services\Tcpip\..\{3CBFB41F-4F58-420F-9F22-DC9ECDC264A4}: NameServer = 125.168.126.6,203.194.56.150 O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file) O21 - SSODL: Botnetb - {945C11D4-CD35-4290-BFDF-6DBCDB0F0077} - C:\WINDOWS\system32\sysinet.dll O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: Comodo Application Agent - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MaxBackServiceInt - Unknown - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe O23 - Service: MS Common Service - Unknown - C:\WINDOWS\system32\mscomserv.exe (file missing) O23 - Service: MaxSyncService - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe |
bpt2 (6653) | ||
| 524517 | 2007-02-13 15:22:00 | since I'm lazy i'll post an addy you can paste the log into yourself for diagnosis http://www.hijackthis.de/ |
drcspy (146) | ||
| 524518 | 2007-02-13 20:58:00 | You've got a ton of stuff there that shouldn't/needn't be running. msmsgs.exe is one, but I'm also too lazy to check more into it this morning. Suggest you run Spybot, double check that that anti-spyware prog you're running is legit (I doubt it) and do a full anti-virus scan. Keep in mind that there's always a certain amount of legitimate Internet activity whenever you're connected. But you're wise to be cautious. |
Greg (193) | ||
| 524519 | 2007-02-13 21:09:00 | Get TCP view and it well till you what is running. www.microsoft.com Trevor :) |
Trev (427) | ||
| 524520 | 2007-02-13 21:27:00 | bpt2 have you got a firewall installed? | stu161204 (123) | ||
| 524521 | 2007-02-14 01:02:00 | Well u need to get /download / run the latest version of HJT first. Once u do the above, run HJT again tick these entries and tick fix checked. Close browser/s. O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file) O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file) O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll (file missing) -uninstall this if its still installed. O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file) O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT6\PRMTIE\prmtie.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" - Only if you don't use Nero Home. O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file) O21 - SSODL: Botnetb - {945C11D4-CD35-4290-BFDF-6DBCDB0F0077} - C:\WINDOWS\system32\sysinet.dll Looks like u have Spysheriff/Smitfraud Get the file from here (siri.geekstogo.com) |
Speedy Gonzales (78) | ||
| 524522 | 2007-02-14 03:10:00 | Think I got it sorted after finding spyware with Spyhunter and avg (not identified by adaware) and removing it. Thanks |
bpt2 (6653) | ||
| 1 | |||||