Bandwidth getting used up too fast

Status
Not open for further replies.

drvarunmehta

Wise Old Owl
Even though no application is accessing the net, data is being downloaded very fast. I ran anti-virus and anti-spyware scans but they didn't turn up anything.
Posting my HijackThis logfile

Code:
Logfile of HijackThis v1.99.1
Scan saved at 9:22:43 PM, on 9/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
D:\Program Files\Mozilla\firefox.exe
E:\Setups\Security\HijackThis 1.99.1.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [DVD43] D:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Program Files\NetMeter\NetMeter.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D243614-41E8-4C8D-A0EA-63DEFB456853}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D243614-41E8-4C8D-A0EA-63DEFB456853}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{5D243614-41E8-4C8D-A0EA-63DEFB456853}: NameServer = 203.94.227.70,203.94.243.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 

SE><IE

Guest
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D243614-41E8-4C8D-A0EA-63DEFB456853}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D243614-41E8-4C8D-A0EA-63DEFB456853}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{5D243614-41E8-4C8D-A0EA-63DEFB456853}: NameServer = 203.94.227.70,203.94.243.70

Have you entered these addresses manually? If not, then they may possibly be nasty and may be removed.

The rest is all OK. Why don't you get the ZoneAlarm free version?
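
Added example, not part of any post in this thread and not HijackThis code: a small Python parser that pulls the `NameServer` values out of the O17 lines of a HijackThis log and lists any address that is not in a set of resolvers the owner has confirmed. The sample log is constructed from lines in the log above, and the `expected` set is an assumption that stands in for whatever the ISP or router actually hands out.

```python
import re
from ipaddress import ip_address

# Constructed sample: lines as they appear in the log above, including one
# O17 entry split across two lines the way the quoted reply shows it.
SAMPLE_LOG = r"""O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D243614-41E8-4C8D-A0EA-63DEFB456853}: NameServer = 203.94.227.70,203.94.243.70
O17 -
HKLM\System\CS1\Services\Tcpip\..\{5D243614-41E8-4C8D-A0EA-63DEFB456853}: NameServer = 203.94.227.70,203.94.243.70
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+): NameServer = (?P<servers>.+)$")

def unwrap(lines):
    """Rejoin entries whose 'Onn -' prefix was split from the rest of the line."""
    pending = None
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if re.fullmatch(r"O\d+ -", line):
            pending = line
        elif pending:
            yield f"{pending} {line}"
            pending = None
        else:
            yield line

def nameservers(log_text):
    """Map each configured DNS server to the registry keys that set it."""
    found = {}
    for line in unwrap(log_text.splitlines()):
        m = O17_RE.match(line)
        if not m:
            continue  # not an O17 NameServer entry
        for raw in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                ip = str(ip_address(raw))
            except ValueError:
                ip = f"invalid:{raw}"  # keep malformed values visible
            found.setdefault(ip, []).append(m["key"])
    return found

def unexpected(log_text, expected):
    """Return servers in the log that are not in the expected resolver set."""
    return sorted(ip for ip in nameservers(log_text) if ip not in expected)

if __name__ == "__main__":
    # Assumption: the owner has confirmed only the first address so far.
    for ip in unexpected(SAMPLE_LOG, {"203.94.227.70"}):
        print("confirm with ISP/router before removing:", ip)
```
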
 

Ramakrishnan

The Researcher
You may use XoftSpySE, which is the best anti-spyware I have ever come across. I was bothered by a pass manager. No spyware was able to eliminate this. But XoftSpySE did. That too, very fast.
 

uttoransen

Broken In
Go to Google Pack and download Ad-Aware SE Personal.

Yes, go to pack.google.com and just download Ad-Aware SE Personal; that will remove the adware and spyware, and then you will get some bandwidth saved. Try that, as it's free.
 

gary4gar

GaurishSharma.com
Well, check the router LED lights and see if they blink again and again. If they do, then turn off the router :D
 

LegendKiller

In the zone
Did you install any P2P application??
I remember Kazaa used to use this magnet stuff.

If you did, then uninstall that stupid Kazaa stuff and use LimeWire or something..
 

JGuru

Wise Old Owl
@DrVarunMehta, you can use DU Meter (www.dumeter.com) for monitoring the Net activity. There may be several causes for your problem:
1) Automatic Updates
2) Malicious activity of spyware / adware

Better to use the ZoneAlarm firewall and configure it. Also, don't use the IE browser, since all this spyware uses IE to connect to the Net! You can use Firefox or Opera. Also, don't visit untrusted websites. With ZoneAlarm, you can allow/deny and monitor which programs connect to the Net. It's also easy to configure and the best firewall.
 

paul_007

Padawan
Guys, help me now, I am having the same problem.

I installed DU Meter as told by JGuru and I found out that even if I don't browse and just observe the DU Meter panel, some data transfer is taking place at 4 to 5 KBPS.

And the STRANGE thing is that even if I log off from the internet, the DU panel shows downloading at 3.1 KBPS.

I am using internet from our local cable operator. I would also like to mention that sometimes when I try to download from RapidShare it says your IP is already downloading a file. Does this mean that many people are using the same IP?

Please help. I have disabled auto updates and checked the Task Manager but there is nothing suspicious.
 