organicbmx, posted June 16, 2005 (edited):
Just wondered if anyone thought this odd behavior for my pc. I'm on a shared isbn lan connection and whenever I'm online my computer is almost continuously uploading. After a normal session on the internet my pc has normally uploaded as much as it has downloaded. I think the other pcs on the network do the same so...?
I'm running norton virus scanner, norton firewall, spybot, adaware, ms antispyware, all fully updated, and find nothing on a scan.
Any ideas? Thanks
Edited June 16, 2005 by microscopic^earthling

miCRoSCoPiC^eaRthLinG, posted June 16, 2005:
Dude you got some BIG PROBLEM - something is transmitting data out of your system - either some simple data miner or a keylogger. Amount of uploads are never same as downloads.. all the uploads that happen are usually various kinds of acknowledgements to packet receipt and for handshakes. Your system should not be transmitting same amount of data as it receives.
I say go for a full format, if none of them can capture it.

Klass, posted June 16, 2005:
I would check your startup programs and see if anything odd is starting up.
Here is a thread with more information: http://forums.xisto.com/topic/84093-topic/?findpost=1064304790

jipman, posted June 16, 2005:
Things to do...
- Packetsniff your computer ( http://forums.xisto.com/no_longer_exists/ )
- Block internet access of the processes that send the data (identify them with the sniffer)
- Remove or uninstall the programs that do seem to send those things.
For the comparison my download upload ratio is 5 : 1 (approx)

banjosforpeace, posted June 16, 2005:
If you are using a Windows XP system, press Ctrl+Alt+Del to see the task manager. Click the Process tab to see which process is utilizing a lot of the CPU. If you see a process doing something and don't know what it is, type the file name into Google and search to see if anything related to viruses or keyloggers comes up. Or, post the file name here for more help.

Klass, posted June 16, 2005:
> If you are using a Windows XP system, press Ctrl+Alt+Del to see the task manager. Click the Process tab to see which process is utilizing a lot of the CPU. If you see a process doing something and don't know what it is, type the file name into Google and search to see if anything related to viruses or keyloggers comes up. Or, post the file name here for more help.
Please correctly note what Operating System you're referring to.
Windows XP Home: ctrl+alt+del brings up task manager.
Windows XP Professional: brings up options to: Lock Computer, Log Off, Shutdown, Change Password, Task Manager, Cancel.
A novice user using Windows XP Professional will be confused when the task manager does not open.

ASR1405241491, posted June 16, 2005:
I recommend using adaware se and hijack this! Make sure you are in safe mode without networking. That way there is no communication online whatsoever... After that, scan with adaware and then open hijack this and search for unfamiliar programs and delete them... The purpose of hijack this! is to list out all the programs that would start when you first start your computer... By doing this, the next time you start, you wouldn't have to worry about anything starting up... Hope that helped.. Chin chin..

organicbmx, posted June 17, 2005:
That's some bad news then. Should my firewall not be blocking these outgoing messages?
I'm using winxp home, for the person that wanted to know.
Here are some high using processes -
NMain.exe - could be norton??
explorer.exe - run under my user not system
svchost.exe
gcasdtserv.exe
CCAPP.exe - norton again I think
CCPROXY.exe
CCAPP.exe again
VzCdbSvc.exe
mysqld-nt.exe
CCEVTMGR.EXE
symwsc.exe
shwserv.exe
SNDSrvc.exe
csrss.exe
I haven't looked at my process list for a while and there is so much on it I don't know. Surely there should be a lot less. I have lots of programs but still. Could someone post an example of what a process list should look like? Also how do I remove programs permanently from my process list?
Thanks - I'm a bit worried now

madcrow, posted June 17, 2005:
Heh, I'm always uploading too.... But that's cuz I'm using IRC and P2P...

organicbmx, posted June 18, 2005:
Shall I post the log file from hijack this on here? How do I post it onto the forum? Do I just copy the text into the post or shall I attach the file?
Thanks

organicbmx, posted June 19, 2005:
Notice from NilsC: This post needs to be in quotes. You had 14 hosting credits, The script took 35 hosting credits away, I gave you back so you have 3 hosting credits. Next time I will add the 24 hosting credits I gave back to the amount of credits reduced. You should use quote tags anytime you post a log or a quote like that.

I really need to get my winxp back on the net, at the moment I have to use knoppix for the net - not a really bad thing but is a bit annoying. Here is the hijackthis log file. I can only think to copy and paste - sorry.

Logfile of HijackThis v1.99.1
Scan saved at 13:22:26, on 17/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FreePOPs\freepopsservice.exe
C:\Program Files\FreePOPs\freepopsd.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\sony\VAIO Media Integrated Server\GPDBWatcher.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\WINDOWS\System32\DRIVERS\WtSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sony\My Documents\Downloads\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://forums.xisto.com/no_longer_exists/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [FreePOPs] C:\Program Files\FreePOPs\freepopsd.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Norton.EXE.lnk = C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk.disabled
O4 - Global Startup: tvtvforPC.lnk.disabled
O4 - Global Startup: WService.lnk.disabled
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - re http://forums.xisto.com/
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://forums.xisto.com/no_longer_exists/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://zone.msn.com/en-us/home
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://zone.msn.com/en-us/home
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://forums.xisto.com/no_longer_exists/
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media DB Sync Service (VAIOMediaDBSyncService) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\GPDBWatcher.exe" /Service=VAIOMediaDBSyncService /DisplayName="VAIO Media DB Sync Service (file missing)
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\DRIVERS\WtSrv.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\MsPMSPSv.exe (file missing)

I have a lot of processes - too many!!! Any ideas/suggestions/help - thanks

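A triage pass over a HijackThis log like the one posted above, added here as an example and not written by anyone in the thread: it parses the O4 (startup) and O23 (service) lines and lists the entries a reviewer would look at first. The reason labels and the "no full path" check are choices of this example, and a flagged entry is a prompt for manual checking, not a verdict.

```python
import re

# Constructed sample: six lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKCU\..\Run: [FreePOPs] C:\Program Files\FreePOPs\freepopsd.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\MsPMSPSv.exe (file missing)
"""

RUN_ENTRY = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE_PREFIX = "O23 - Service: "
MISSING = "(file missing)"

def parse_service(line):
    """Split an O23 line into name, owner, path and a file-missing flag."""
    parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None  # wrapped or truncated line: leave it for manual reading
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return {"name": name, "owner": owner, "path": path, "missing": missing}

def triage(log_text):
    """Return (section, name, target, reasons) for entries worth a manual look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith(SERVICE_PREFIX):
            svc = parse_service(line)
            if svc is None:
                continue
            reasons = []
            if svc["owner"] == "Unknown owner":
                reasons.append("unknown owner")
            if svc["missing"]:
                reasons.append("file missing")
            if reasons:
                findings.append(("O23", svc["name"], svc["path"], reasons))
            continue
        run = RUN_ENTRY.match(line)
        # A Run value with no directory part does not say which file on disk starts.
        if run and "\\" not in run["cmd"]:
            findings.append(("O4", run["name"], run["cmd"], ["no full path"]))
    return findings
```

On the sample it returns four entries; the MySQL service, reported at C:\Program.exe although the running process list shows mysqld-nt.exe under C:\Program Files\MySQL, is the one to compare against the service's registered image path first.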