| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 66486 | 2006-02-25 00:20:00 | constant internet activity - unable to identify | chiefnz (545) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 433596 | 2006-02-25 00:20:00 | I've noticed that my internet connection is constantly busy even though I'm not browsing or surfing the net. I've run Spybot and it cleaned up some spyware. I did a reboot but still this internet activity is happening. I can't see what it is? I ran Hijackthis and here is the log file... Logfile of HijackThis v1.99.1 Scan saved at 13:13:43, on 25/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\SYSTEM32\SPOOLSV.EXE C:\WINDOWS\system32\brss01a.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRAM FILES\VALVE\STEAM\STEAM.EXE C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe D:\Appz\Anti-Spyware\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.ex e" /StartupJobs O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - www.creative.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - cdn2.zone.msn.com O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - zone.msn.com O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - www.creative.com O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\wmfhotfix.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dl l O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe Can't really tell what should or shouldn't be there... as far as I can tell it all looks legit. I also ran PC-Cillin 2006 and it found and cleaned a virus but this hasn't stopped the constant download activity. Can anyone tell me what's happening. Specs are in signature. I'm on a 2Mb connection through an ethernet ADSL modem. Cheers chiefnz |
chiefnz (545) | ||
| 433597 | 2006-02-25 00:37:00 | I would run HJT again and tick these entries. I would get the MS fix for this, which is out now O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\wmfhotfix.dll O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe - I think this is something for the Audio. You can leave this alone. You dont need these in startup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" Unless u have a remote control for it. O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe Everything else looks fine. Might be something that keeps running while you're online and looking for updates. |
Speedy Gonzales (78) | ||
| 433598 | 2006-02-25 00:44:00 | Legend Speedy.... I'll give it a go and see what happens. cheers chiefnz |
chiefnz (545) | ||
| 433599 | 2006-02-25 00:52:00 | No worries. It might be this entry O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe As it looks like it checks online often (about every mth - or maybe less) for updates. |
Speedy Gonzales (78) | ||
| 433600 | 2006-02-25 01:25:00 | what programs are you allowing through the firewall ? my money is on ... C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe |
tweak'e (69) | ||
| 433601 | 2006-02-25 01:29:00 | Would that be the HP Multimedia keyboard which "calls home" frequently and excessively? If so, there's a revised driver for it, which does not have that "feature". | Graham L (2) | ||
| 433602 | 2006-02-25 01:34:00 | yep that would be the one. tho that driver comes with many keyboards of different makes not just HP. easiest way is to block it with the firewall. |
tweak'e (69) | ||
| 433603 | 2006-02-25 02:27:00 | keyboards with drivers? what is the world coming to? | Mirddes (10) | ||
| 433604 | 2006-02-25 02:49:00 | Here's a (lengthy) thread about this netropa bandworth hog (pressf1.co.nz/showthread.php?t=28428&highlight=multimedia+keyboard) | Graham L (2) | ||
| 433605 | 2006-02-25 02:56:00 | keyboards with drivers? what is the world coming to? Some keyboards come with their own program, for the extra keys on a keyboard. Otherwise, the "special keys" wont work. Like on this kb, its got keys for MS Office (Word,Excel,Outlook,Powerpoint). And the function keys also act as shortcut keys for different options in Office/Outlook. (like new/open/save/send/reply/spellcheck/reply all etc) Without the program, these keys do nothing. |
Speedy Gonzales (78) | ||
| 1 2 3 | |||||