HELP.. UNWANTED UPLOADS HOGGING NET SPEED

Discussion in 'QnA (read only)' started by walking-techie, Sep 26, 2004.

Thread Status:
Not open for further replies.
  1. walking-techie

    walking-techie New Member

    HI .. JUST GOT A CALL FROM MY ISP..(LOCAL CABLEWALLAH..) HE SAYS I AM UPLOADING DATA AT A VERY HIGH SPEED.. I MIGHT BE INFECTED WITH A VIRUS OR SOMETHING..

    WELL RAN IMMEDIATE SCAN WITH NAV.. NOTHING
    DOWNLOADED LATEST STINGER.. NO RESULTS

    RAN A SPYBOT CHECK .. NOTHING

    SO NOW USED HIJACK

    THIS IS MY LOG.. ANYTHING INTRIGUING.. THAT WILL BE DOING THIS !!

    PLS HELP SOON..


    Logfile of HijackThis v1.97.7
    Scan saved at 10:26:46 PM, on 26.09.2004
    Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Oracle\Ora81\BIN\TNSLSNR.exe
    c:\oracle\ora81\bin\ORACLE.EXE
    c:\Oracle\Ora81\BIN\OWASTSVR.EXE
    c:\Oracle\Ora81\bin\oradim.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Documents and Settings\G\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.16.1.1/
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.3\NHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTSetupPatch] C:\PROGRA~1\Creative\CTSetup\CtSetup.Exe -S -P -3
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D03C35C6-D521-4757-8732-5D9E0AB54A49}: NameServer = 172.16.1.1

    THANK U
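
An added example, not part of the original post and not HijackThis's own logic: a small Python triage pass over a few lines copied from the log above. The flagging rules (unnamed BHO, Run command without an absolute path, private or public address in R0/R1/O17) are assumptions chosen as prompts for manual review, not verdicts.

```python
import ipaddress
import re

# Subset of the HijackThis log lines posted above, copied verbatim.
LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.16.1.1/
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O17 - HKLM\System\CCS\Services\Tcpip\..\{D03C35C6-D521-4757-8732-5D9E0AB54A49}: NameServer = 172.16.1.1
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                     # "O2 - <body>"
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")  # name, CLSID, DLL
RUN = re.compile(r"^\S+: \[(.+?)\] (.+)$")                     # "<key>: [name] cmd"
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def triage(log):
    """Return (code, subject, reason) tuples worth a manual look."""
    notes = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O2" and (b := BHO.match(body)):
            name, _clsid, path = b.groups()
            if name == "(no name)":
                notes.append((code, path, "unnamed BHO: identify the DLL's vendor"))
        elif code == "O4" and (r := RUN.match(body)):
            cmd = r.group(2)
            if not re.match(r'"?[A-Za-z]:\\', cmd):
                notes.append((code, cmd, "no absolute path: check which file actually runs"))
        elif code in ("R0", "R1", "O17"):
            for ip in IPV4.findall(body):
                try:
                    private = ipaddress.ip_address(ip).is_private
                except ValueError:
                    continue  # looked like an address but is not one
                scope = "private" if private else "public"
                notes.append((code, ip, f"{scope} address: confirm it belongs to the ISP"))
    return notes


if __name__ == "__main__":
    for code, subject, reason in triage(LOG):
        print(f"{code:4} {subject}\n     -> {reason}")
```

On these lines both 172.16.1.1 entries are classified as private (RFC 1918), so the start page and the name server point inside the local network rather than at an internet host.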
     
  2. SouvikSinha

    SouvikSinha New Member

    You have Windows XP SP2 and also have ZoneAlarm and Norton AntiVirus installed. So you have one of the most robust security setups. I believe that you connect to the internet using your LAN card. Whatever be the communication mode, just double-click on the Network Connection icon in SYSTRAY and check the status of the connection. Observe whether your outbound traffic is increasing at a very fast rate. If it is so, check from ZoneAlarm which programs are accessing the internet. You will be able to identify the culprit.
     
  3. ishaan

    ishaan New Member

    maybe it's p2p software, like Kazaa
     
  4. theraven

    theraven Active Member

    p2p software always has less upload rate than download rate ... USUALLY ...
    even sometimes when uploads exceed downloads ... it won't cause an avalanche such that ur operator calls and tells u to check ur pc :D
    that just seems a lil unlikely that's all
     
  5. ishaan

    ishaan New Member

    maybe da options are set to a high bandwidth for uploads by mistake... and if the net is on 24x7 then maybe someone was uploading some damn big files like movies, etc... if kazaa was on.. or any p2p....

    just a suggestion
     
  6. OP
    walking-techie

    walking-techie New Member

    well guys thx for the helping hand,
    and no.. i don't use p2p .. so no probs there

    anyways i just installed the entire os again, not because of this but i just got an original win xp prof

    well it seems the problem is solved, because no complaints from isp

    thnx guys
     