PDA

View Full Version : Broadband Usage Issue



rover1nz
17-07-2009, 04:16 PM
Hi,

I am only into day 10 of my monthly 10GB data allowance but have already gone over. The only thing I am doing is reading web pages, no downloading, video's etc. I have tried turning off all unnecessary running processes and applications and have done virus scans etc. It made no difference. I need to find out what application/s are using all my data allowance.

Does anyone know if there is a program or meter that can tell me which applications are using the data and how much they are using? The only meters I can find only measure total data usage or bandwidth speed.

Thanks in advance

Speedy Gonzales
17-07-2009, 04:19 PM
What program did you scan with? You could post a HJT log, and we'll see whats in it. Are you using wireless? If you are, is it secure?

ronyville
17-07-2009, 04:20 PM
How many PCs are using this connection? Also do you have wireless setup at home that might be open to others?

rover1nz
17-07-2009, 04:33 PM
There are 3 PC's on this secure wireless connection (at work). We are all only viewing webpages. I have scanned with Norton and Avast. Have also installed ShaPlus Bandwidth Meter on all PC's which gives different readings for each PC.

The usage meter is telling me that i am using over 2MB of data just to load a web page which is nearly all text (no photos, ads etc). Total usage today on my pc is 460mb over approx 4 hrs.

Will try to post HJT log before I go home... Do I do that on my pc or on the main pc (server) that everyone is connected to?

Thanks

Speedy Gonzales
17-07-2009, 04:39 PM
Will try to post HJT log before I go home... Do I do that on my pc or on the main pc (server) that everyone is connected to?

Thanks

The one (that you think) is using all the data. If theres nothing suss on this one, then you may have to post a HJT log for the others as well

rover1nz
17-07-2009, 04:44 PM
Here is the one from my pc...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:51 p.m., on 17/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=84&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chst01/Login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=84&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=84&bd=Presario&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5322 bytes

Speedy Gonzales
17-07-2009, 04:48 PM
Uninstall all versions of java its out of date, then update it

Tick these then tick fix checked

Close browsers

I would disable windows defender

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

Besides that it looks clean. Next :p

rover1nz
17-07-2009, 04:56 PM
Thanks, will do that 1st thing Monday morning and post the other logs as well as I am off home now. :) Can't stay longer or I'll be locked in for the weekend...

Thanks again for your help

Speedy Gonzales
17-07-2009, 04:58 PM
Install trojan remover below (its a trial) on all of them update it then scan. If its a trojan or rootkit, it maybe hiding. And will be harder to find / remove.

And select all options under the utiltities menu. If any of these are 64 bit tho, dont install it. TR doesnt work on 64 bit

pctek
17-07-2009, 07:33 PM
Hmm.
You have a lot of unnecessary stuff in the HJT log, possibly there is a it of "phoning home" going on with the HP Games thingy, Windows Updates, WIndows snooping, Adobe, etc.

Deny them in your firewall and see if it makes a difference.

Chilling_Silence
17-07-2009, 09:12 PM
They probably wouldnt go through that much.

Login to your ISP and see if they tell you your upload vs download usage. Betcha its a file-sharing app ;)

Blam
17-07-2009, 09:27 PM
Post the log files for the other computers as well.

My suspicions are also a file sharing app....and teens in the house:p?

Tuneznz
17-07-2009, 11:32 PM
Blam... its a work computer set up haha :)

Chilling_Silence
17-07-2009, 11:35 PM
Doesnt mean file-sharing apps cant exist ...