ComputerForum.com
03-04-2014, 03:20 PM   #1
Bit Member
Join Date: Nov 2012
Posts: 6
Something is constantly uploading

Gentlemen,

Can anyone find anything wrong with this HijackThis logfile? Something is constantly uploading and eating into my expensive prepaid broadband.

Thank you


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:25:23, on 5/03/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Norton Zone\Engine\1.2.0.4\NZ.exe
C:\Program Files (x86)\Second Copy 8\SecCopy.exe
C:\Program Files (x86)\ClipMate7\ClipMate.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Users\me\AppData\Roaming\1823\WmiPrv\WmiPrvSE.exe
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe
C:\Program Files (x86)\DFX\DFX.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Virgin Mobile Broadband\Virgin Mobile Broadband.exe
C:\Program Files (x86)\XYplorer\XYplorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/se...pvid=20.3.1.22
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:9050
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [DFX] C:\Program Files (x86)\DFX\DFX.exe -startup
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files (x86)\Second Copy 8\SecCopy.exe"
O4 - HKCU\..\Run: [Multi Reminders] "C:\Program Files (x86)\Multi Reminders\reminder.exe" -c
O4 - HKCU\..\Run: [ClipMate7] C:\Program Files (x86)\ClipMate7\ClipMate.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: TurboLaunch.lnk = C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe
O4 - Global Startup: Hard Disk Sentinel.lnk = C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK
O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://novastor.cleverreach.com
O15 - Trusted Zone: http://*.google-analytics.com
O15 - Trusted Zone: *.incrediblecharts.com
O15 - Trusted Zone: http://*.novastor.com
O15 - Trusted Zone: *.incrediblecharts.com (HKLM)
O15 - ESC Trusted Zone: *.incrediblecharts.com
O15 - ESC Trusted Zone: *.incrediblecharts.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{120E9387-83BB-471B-9E92-15F0DFAED111}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CA37E37-1FC6-4547-90C7-DB692BA422C8}: NameServer = 123.200.191.17 123.200.191.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{120E9387-83BB-471B-9E92-15F0DFAED111}: NameServer =
O17 - HKLM\System\CS2\Services\Tcpip\..\{120E9387-83BB-471B-9E92-15F0DFAED111}: NameServer =
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files (x86)\RapidBIT\cisvc.exe (file missing)
O23 - Service: FSDcSvc - FarStone Inc. - C:\Program Files (x86)\FarStone DriveClone\Files\FsSvcExe.exe
O23 - Service: Genie Timeline Service (GenieTimelineService) - Genie9 - C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HideMyIpSRV - Hide My IP - C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MediaFire NTFS Monitor (MF NTFS Monitor) - Unknown owner - C:\Users\me\AppData\Local\MEDIAF~1\MFUSNM~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (nsService) - NovaStor - C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
O23 - Service: Norton Zone (NZ) - Symantec Corporation - C:\Program Files (x86)\Norton Zone\Engine\1.2.0.4\NZ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Second Copy VSS Service x64 (ScVssService64) - Centered Systems - C:\Program Files (x86)\Second Copy 8\ScVssService64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Virgin Mobile Broadband. OUC (Virgin Mobile Broadband. RunOuc) - Unknown owner - C:\Program Files (x86)\Virgin Mobile Broadband\UpdateDog\ouc.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wireless Broadband. OUC (Wireless Broadband. RunOuc) - Unknown owner - C:\Program Files (x86)\Internode Wireless Broadband\UpdateDog\ouc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11827 bytes
Bookman
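Added example, not part of the original thread or any poster's reply: a small triage pass over a HijackThis-format log that turns the section codes (running processes, R0/R1, O4, O10, O23) into a short list of leads to check by hand. The sample log is constructed with a hypothetical user and paths, and the name list, directory list and rules are illustrative assumptions, not verdicts on any entry.

```python
import re

# Constructed sample in HijackThis v2.0.4 layout (hypothetical user and paths).
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\svchost.exe
C:\Users\alice\AppData\Roaming\4711\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:9050
O4 - HKCU\..\Run: [Updater] C:\Users\alice\AppData\Local\Temp\upd.exe
O4 - HKLM\..\Run: [DFX] C:\Program Files (x86)\DFX\DFX.exe -startup
O10 - Unknown file in Winsock LSP: c:\windows\system32\example.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\example.dll
O23 - Service: Example Helper (ExHelper) - Unknown owner - C:\ProgramData\Example\helper.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""

# Assumed, non-exhaustive lists used only by this example.
SYSTEM_NAMES = {"svchost.exe", "wmiprvse.exe", "lsass.exe", "csrss.exe", "services.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")

def triage(log_text):
    """Return de-duplicated (section, reason, line) leads for manual follow-up."""
    leads, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line or low.startswith("running processes"):
            in_procs = bool(line)   # the process list ends at the first blank line
            continue
        m = re.match(r"^([A-Z]\d+) - ", line)
        section = m.group(1) if m else ("PROC" if in_procs else None)
        reason = None
        if section == "PROC":
            name = low.rsplit("\\", 1)[-1]
            if name in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
                reason = "Windows system binary name outside the Windows directory"
        elif section in ("R0", "R1") and "proxyserver" in low and "127.0.0.1" in low:
            reason = "system proxy points at a loopback listener"
        elif section == "O4" and any(d in low for d in USER_WRITABLE):
            reason = "autorun launches from a user-writable directory"
        elif section == "O10" and "unknown file" in low:
            reason = "Winsock LSP not recognised by the scanner"
        # A 32-bit scanner on 64-bit Windows sees System32 through WOW64
        # redirection, so "(file missing)" service entries are commonly noise.
        elif section == "O23" and "unknown owner" in low and "(file missing)" not in low:
            reason = "service binary with no vendor information"
        if reason and (section, reason, line) not in leads:
            leads.append((section, reason, line))
    return leads

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Each lead still needs confirming on the machine itself, for example by checking the file's signature and which process owns the listening port.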
03-04-2014, 04:32 PM   #2
johnb35
Malware and Spam Assassin
Join Date: Sep 2005
Location: somewhere out there
Age: 44
Posts: 30,277

I'm at work right now but read the first sticky in the security section and run the programs suggested and post the logs. Then we will go from there.
03-04-2014, 04:42 PM   #3
voyagerfan99
John's Number One
Join Date: Jan 2008
Location: Connecticut
Age: 23
Posts: 17,610

I've moved this into the security section. Follow what John said (instructions of which I have posted here as well).

1.

Please download AdwCleaner by Xplode onto your Desktop.

• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan.
• After the scan you will need to click on Clean for it to delete the adware.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

• Shut down your antivirus to avoid any conflicts.
• Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Click on Minimal Output at the top.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
• When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
03-05-2014, 12:09 PM   #4
Bit Member
Join Date: Nov 2012
Posts: 6

Gentlemen,

Thank you for your response.

Alas I had already used System Restore to fix the problem, taking the above HijackThis snapshot first so as to ensure I did not reinstall whatever caused the bleed. I simply hoped someone, in examination of the HijackThis report, would be able to point to the culprit.

Thank you for your efforts.
Bookman
03-05-2014, 12:48 PM   #5
johnb35
Malware and Spam Assassin
Join Date: Sep 2005
Location: somewhere out there
Age: 44
Posts: 30,277

There is so much malware out there right now that will not show up in a HijackThis log. HijackThis is outdated and really no longer used in malware removal forums.