| Thread ID: 66486 | 2006-02-25 00:20:00 | constant internet activity - unable to identify | chiefnz (545) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 433606 | 2006-02-25 09:08:00 | It's not an HP keyboard, it's just called a multimedia keyboard. I've had it for quite a while and have never had this problem before. So I don't think this is the problem... of course I could also be wrong. I'm at work now so I haven't had a chance to see if any of the changes I made have made a difference and won't be able to post back until the morning. Thanks for the advice though. Cheers chiefnz |
chiefnz (545) | ||
| 433607 | 2006-02-25 22:02:00 | Well I've removed the entries suggested but this hasn't done anything at all. My network connection is ticking along for no reason really. I also disabled all my startup programs by using Mike Lin's "Startup" program. This didn't change anything at all. I'm stumped really. I DON'T WANT TO RE-INSTALL WINDOWS!!! What about an entry in the registry? Or does HijackThis pick those up too? Incidentally I removed the drivers for my keyboard and the problem didn't go away, so that rules the keyboard out. Here's another look at my HijackThis log after a few changes...
Logfile of HijackThis v1.99.1
Scan saved at 10:55:20, on 26/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\VALVE\STEAM\STEAM.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
D:\Appz\Anti-Spyware\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Thanks again guys. cheers chiefnz |
chiefnz (545) | ||
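Added example, not part of any post in this thread: a first-pass triage of a HijackThis log like the one posted above, listing the entries that deserve a closer look before anything is removed. The function names and the four review heuristics are the editor's assumptions, and the sample lines are a subset copied from that log.

```python
import re

# Itemised HijackThis lines look like "O23 - Service: ..." (section code, dash, body).
ENTRY = re.compile(r"^(O\d+|[RFN]\d) - (.*)$")
RUN = re.compile(r"Run: \[.+?\] (.+)$")

def parse(log_text):
    """Return (code, body) for every itemised line; headers and process paths are skipped."""
    found = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def review_flags(code, body):
    """Editor's heuristics (assumptions): reasons to look closer, not verdicts."""
    flags = []
    if "(file missing)" in body:
        flags.append("entry points at a file HijackThis did not find on disk")
    if code == "O23" and "Unknown owner" in body:
        flags.append("service binary reported with no company name")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        flags.append("DLLs listed here load into every process that loads user32.dll")
    if code == "O4":
        cmd = RUN.search(body)
        if cmd and "\\" not in cmd.group(1):
            flags.append("autorun command has no directory, so the search path decides")
    return flags

def triage(log_text):
    """Return (code, body, flags) for entries with at least one flag."""
    return [(c, b, f) for c, b in parse(log_text) if (f := review_flags(c, b))]

# Lines copied from the log in the post above (a subset, one entry per line).
SAMPLE = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\wmfhotfix.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
"""

if __name__ == "__main__":
    for code, body, flags in triage(SAMPLE):
        print(f"{code}: {body}\n    -> " + "; ".join(flags))
```

A flag here only means the file on disk and its publisher should be checked; many legitimate drivers and utilities trip the same rules.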
| 433608 | 2006-02-25 22:31:00 | The simplest way to solve this problem will be to install a firewall if you do not have one. Then set the firewall to prompt you for all activity and note what is trying to do something. Depending on the firewall you choose it may or may not find the problem, as many of them have built-in rules to allow things to happen with no intervention from the user. |
ughnz (8297) | ||
| 433609 | 2006-02-25 23:36:00 | How about using this to see who your computer is talking to: www.sysinternals.com |
zqwerty (97) | ||
| 433610 | 2006-02-26 00:02:00 | Also if you paste your log into www.hijackthis.de, it will indicate you have a lot of unnecessary 'junk' running, some of which could be 'phoning home'. | Terry Porritt (14) | ||
| 433611 | 2006-02-26 00:05:00 | I'd definitely get rid of these, Netpumper is well known for installing 'extra' spyware. Uninstall it, it's crap: C:\Program Files\NetPumper\NetPumperIEProxy.exe O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe" Download ewido from www.ewido.net, update it after installation and do a full system scan. Select remove or quarantine and tick 'do this with all found entries' (or something along those lines), otherwise it will ask every time it finds something. Download and run ccleaner (www.ccleaner.com) first, it will make the ewido scan faster. |
bartsdadhomer (80) | ||
| 433612 | 2006-02-26 00:06:00 | I do have a firewall installed - Trend PC-Cillin Internet Security 2006. I have deleted all my "allowed appls" from the exception list and now when I connect to the internet it tells me which app is trying to connect to the internet. So far nothing has been dodgy except for 2 instances where it said "Operating System Components" are trying to access the Internet, 1st one was UDP port 238 (I think) and the 2nd one was UDP port 138? Does this mean anything to anybody? The constant activity on my network connection has stopped... I think... instead of the 2 little computers lighting up in the system tray there is now only one that is lit up. EDIT: Well it seems my computer is still receiving some sort of data, my received data amount is changing, in "Network Connections"... I guess the problem isn't solved then. cheers chiefnz |
chiefnz (545) | ||
| 433613 | 2006-02-26 00:40:00 | As I said, many firewalls have built-in rules to allow traffic without asking you or offering you any way to stop it. You could be seeing some NetBIOS activity, if it is only PC to PC traffic. |
ughnz (8297) | ||
| 433614 | 2006-02-26 01:34:00 | I see that the links at the tail of the previous thread on this subject no longer point to the magazine stories. My recollection is that the HP multimedia keyboards had this "feature" put in the driver to keep an "always on" connection always connected, rather than for nefarious purposes. Unfortunately, it wasn't helpful for people whose bandwidth use is limited, or expensive. Other brands of Multimedia keyboards might not be so nice. Port 138 shouldn't be open through your firewall. It might be useful in your LAN, but not on the Internet. |
Graham L (2) | ||
| 433615 | 2006-02-26 03:16:00 | I had a lot of internet "chatter" too for a while... it finally died when I got rid of Windowblinds... just a thought... |
SurferJoe46 (51) | ||