Someone is using my internet or network!Please help me

[Omar]

Someone is using my internet or network!!!Please help me

 

i don't know who

I AM TELLING THIS BECASE THE SMALL (TWO COMPUTERS) ICON ON THE TASKBAR IS ALWAYS BLUE!!

I MEAN ITS ALWAYS GLOWING (I DON'T HAVE ANY AUTO-UPDATE FEATURE OR ANYTHINHG)

IT ALSO GLOWS WHEN I AM PLAYING GAMES OR DOING ANYTHIG!!

I THINK I AM BRODCASTED BY SOMEONE!

 

IT ONLY GLOWS WHEN SOMEONE USES THE INTERNET!!OR DOWNLOADING SOMETHING!!!

[hazelnut]

Hello Omar and welcome to the forum,

 

To try and sort out your problems and fears please post a hijackthis log and someone will try to help you.

 

Instructions are here

 

http://forum.ccleaner.com/index.php?showtopic=1720

[Omar]

My Hijack This log!------------

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:40, on 06-11-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

F:\security\TRENDM~1\INTERN~1\PcCtlCom.exe

F:\security\TRENDM~1\INTERN~1\Tmntsrv.exe

F:\security\TRENDM~1\INTERN~1\TmPfw.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

F:\security\Trend Micro\Internet Security 2005\pccguide.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\Opera\Opera.exe

F:\Security\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.citech.net:8000

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [pccguide.exe] "F:\security\Trend Micro\Internet Security 2005\pccguide.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - F:\Download manager\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - F:\Download manager\IDA\ida.exe

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{880D0DDA-9E89-437F-B605-F8F55E016121}: NameServer = 203.83.162.5,203.191.33.5

O17 - HKLM\System\CCS\Services\Tcpip\..\{F6953BF1-6635-470E-AA84-F4F71CFF04B7}: NameServer = 203.83.162.5,203.191.33.5

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - F:\security\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - F:\security\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - F:\security\TRENDM~1\INTERN~1\TmPfw.exe

 

---------------------------------------------------

 

Thanks

[rridgely]

Log looks ok.

It has to be some software on your computer connecting.

 

Reset all the rules on your firewall and then reboot. Then see whats trying to connect at start up.(if something you don't know trys to connect then let me know what it is).

 

Also there is this tool

http://www.x32dev.com/connected/whosconnected.exe

 

It will tell you whats connected the to the internet.

[Spysnake]

IT ALSO GLOWS WHEN I AM PLAYING GAMES OR DOING ANYTHIG!!

 

Many programs, especially games, try to connect to internet when started. Some programs keep "calling" home even after start. Naturally, if you was playing some kind of network-based games, there will be traffic.

 

On my school's network this icon glows pretty often even when no action is taken. However, I don't think you are directly broadcasted or anything, as I feel there's nothing on your computer which may interest hackers etc. Could be some nasty worm, though.