HELP.. UNWANTED UPLOADS HOGGING NET SPEED

Status
Not open for further replies.

walking-techie

Journeyman
HI .. JUST GOT A CALL FROM MY ISP..(LOCAL CABLEWALLAH..) HE SAYS I AM UPLOADING DATA AT A VERY HIGH SPEED.. I MIGHT BE INFECTED WITH A VIRUS OR SOMETHING..

WELL RAN IMMEDIATE SCAN WITH NAV.. NOTHING
DOWNLOADED LATEST STINGER.. NO RESULTS

RAN A SPYBOT CHECK .. NOTHING

SO NOW USED HIJACK

THIS IS MY LOG.. ANYTHING INTRIGUING.. THAT WILL BE DOING THIS !!

PLS HELP SOON..


Logfile of HijackThis v1.97.7
Scan saved at 10:26:46 PM, on 26.09.2004
Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Oracle\Ora81\BIN\TNSLSNR.exe
c:\oracle\ora81\bin\ORACLE.EXE
c:\Oracle\Ora81\BIN\OWASTSVR.EXE
c:\Oracle\Ora81\bin\oradim.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Documents and Settings\G\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *172.16.1.1/
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.3\NHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSetupPatch] C:\PROGRA~1\Creative\CTSetup\CtSetup.Exe -S -P -3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - *fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D03C35C6-D521-4757-8732-5D9E0AB54A49}: NameServer = 172.16.1.1

THANK U
 

SouvikSinha

Broken In
You have Windows XP SP2 and also have ZoneAlarm and Norton AntiVirus installed, so you have one of the most robust security setups. I believe that you connect to the internet using your LAN card. Whatever the communication mode, just double-click on the Network Connection icon in SYSTRAY and check the status of the connection. Observe whether your outbound traffic is increasing at a very fast rate. If so, check in ZoneAlarm which programs are accessing the internet. You will be able to identify the culprit.
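
One way to do the check suggested in the post above from saved command output, as an added example that is not part of the original thread: it measures the upload rate from two `netstat -e` snapshots and attributes established connections to processes using `netstat -ano` and `tasklist /fo csv /nh`. All sample output, addresses, PIDs, the `example.exe` name and the function names are constructed for illustration; the 32-bit counter wrap is an assumption.

```python
import csv, io, re
from collections import Counter

# Constructed sample output (not from the thread): two `netstat -e` snapshots
# taken 10 s apart, one `netstat -ano`, one `tasklist /fo csv /nh`.
NETSTAT_E_T0 = "Interface Statistics\n\n      Received     Sent\n\nBytes  52000000  9000000\n"
NETSTAT_E_T1 = "Interface Statistics\n\n      Received     Sent\n\nBytes  52400000  14000000\n"
NETSTAT_ANO = """\
  Proto  Local Address      Foreign Address     State        PID
  TCP    0.0.0.0:135        0.0.0.0:0           LISTENING    952
  TCP    172.16.1.20:1061   198.51.100.25:25    ESTABLISHED  1888
  TCP    172.16.1.20:1062   198.51.100.26:25    ESTABLISHED  1888
  TCP    172.16.1.20:1063   203.0.113.9:25      ESTABLISHED  1888
  TCP    172.16.1.20:1070   192.0.2.80:80       ESTABLISHED  2404
  TCP    127.0.0.1:1030     127.0.0.1:1031      ESTABLISHED  1500
"""
TASKLIST = '''"svchost.exe","952","Console","0","3,100 K"
"example.exe","1888","Console","0","5,200 K"
"iexplore.exe","2404","Console","0","22,000 K"
'''

def bytes_sent(netstat_e):
    """Sent column of the 'Bytes' row in `netstat -e` output."""
    m = re.search(r"^Bytes\s+(\d+)\s+(\d+)", netstat_e, re.M)
    if m is None:
        raise ValueError("no 'Bytes' row found")
    return int(m.group(2))

def upload_rate(before, after, seconds):
    """Bytes per second sent between two snapshots."""
    # Assumption: the interface counter is 32-bit and may wrap between samples.
    return ((bytes_sent(after) - bytes_sent(before)) % 2**32) / seconds

def established_by_pid(netstat_ano):
    """Count ESTABLISHED TCP connections to non-loopback peers per PID."""
    counts = Counter()
    for line in netstat_ano.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            if not f[2].startswith("127."):
                counts[int(f[4])] += 1
    return counts

def top_talkers(netstat_ano, tasklist_csv):
    """(image name, PID, connection count), busiest first."""
    names = {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if len(r) > 1}
    return [(names.get(pid, "unknown"), pid, n)
            for pid, n in established_by_pid(netstat_ano).most_common()]
```

A process that holds many established connections while the sent-bytes rate stays high and no known upload is running is the one to examine first in the firewall's program list.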
 

theraven

Technomancer
p2p software always has a lower upload rate than download rate ... USUALLY ...
even sometimes when uploads exceed downloads ... it won't cause an avalanche such that ur operator calls and tells u to check ur pc :D
that just seems a lil unlikely, that's all
 

ishaan

Padawan
maybe da options are set to a high bandwidth for uploads by mistake...and if the net is on 24x7 then maybe someone was uploading some damn big files like movies,etc...if kazaa was on..or any p2p....

just a suggestion
 

walking-techie

Journeyman
well guys thx for the helping hand,
and no.. i don't use p2p .. so no probs there

anyways i just installed the entire os again, not because of this but i just got an original win xp prof

well it seems the problem is solved, because no complaints from isp

thnx guys
 