Why are you replying to me? If you read the question it states what OS he is
using. BTW I am a contributor to Wireshark so you trying to be an AHole
backfired.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"wng_z3r0" <wng_z3r0@newsgroups.nospam> wrote in message
news:8EF12E32-AA6C-4A5B-A7D0-CBEA958CF402@microsoft.com...
> Regardless of the nature of pcbutts, which I won't get into here, I
> strongly advise you NEVER to download code from an unknown entity on the
> internet in a scenario that pcbutts is proposing. Not only do you not have
> any information about pcbutts, but you could not even look at reviews from
> a 'trusted authority' such as perhaps CNET as for all you know, you could
> be receiving a unique malware file that is emailed to you. Just a
> suggestion on safe(r) internet habits.
>
> Anyways, specifically concerning your network traffic, try installing
> Wireshark, and running a packet trace when the internet connection spikes:
> http://www.wireshark.org/
>
> As it appears you have a malware infestation on your computer, there is a
> possibility that this malware is leeching private information in the
> computer (such as passwords etc) back to a remote server, or perhaps the
> computer is used as a 'bot'. In either case, you really should disconnect
> the computer from the internet until the computer is cleaned. Not doing so
> puts your computer at more risk and most likely others as well.
>
> To begin cleaning your computer, can you please tell me what version of
> Windows you are running?
>
> wng
>
>
> "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in message
> news:fes0ee$phg$1@blackhelicopter.databasix.com...
>> Go to my website http://www.pcbutts1.com/downloads use the email link at
>> the bottom, put "Running Now" in the subject line and email me. I will
>> send you my more extensive diagnostic tool, it works better than HJT,
>> with instructions on how to use it.
>>
>> "Jim" <koehler@btinternet.com> wrote in message
>> news:1192286950.230976.246240@i38g2000prf.googlegroups.com...
>>> A real challenge to all spyware and malware experts.
>>>
>>> Please excuse my bad manners in publishing this article in two
>>> newsgroups simultaneously. I am not sure which one is most likely to
>>> provide help in solving my problem.
>>>
>>> If there is another newsgroup in which I should post this article
>>> please let me know.
>>>
>>>
>>> The problem that I have is driving me mad!
>>>
>>>
>>> The problem is that my broadband traffic is at times extremely high
>>> for completely unexplained reasons.
>>>
>>> This is indicated by (1) the daily log kept by my ISP and (2) more
>>> visibly by the icon in the lower right-hand corner on my screen that
>>> consists of the two little monitor symbols. These symbols indicate
>>> broadband activity by lighting up in light blue - one for up traffic
>>> and the other for down traffic.
>>>
>>> The problem has been around on and off for three months now.
>>>
>>> Environment: Windows XP SP2, Symantec Norton 360, Namesco (ISP) and
>>> Ad-Aware SE Personal. The last of these I run only on demand - usually
>>> once a day.
>>>
>>> When the problem is occurring the daily ISP log shows 4 or 5 times
>>> normal megabytes per day and the monitor symbols are lit up all the
>>> time.
>>>
>>> Normally the log and the monitor symbols show low broadband activity.
>>> I have been a fairly light user of the internet. No movie downloads,
>>> etc. Just emails and web page accesses.
>>>
>>> The high activity problem has occurred in two episodes. During the
>>> first of these (a couple of weeks) the high traffic was more or less
>>> equally divided between uploading and downloading. But during the most
>>> recent episode (a couple of days) downloading has been very high while
>>> uploading was normal.
>>>
>>> My traffic has been so high that my ISP's monthly limit is 60% used
>>> while I am only 40% into the month. I will be charged for any excess.
>>> I have become so concerned that I am leaving my modem connection to my
>>> phone line unplugged except when I need to access the internet.
>>>
>>> Regarding the first episode: I tried PREVX. It found and removed some
>>> malware. It reported that it put the following items in "jail".
>>> zrmkxe.exe (4 KB)
>>> ykouzmp.exe (4 KB)
>>> ugstzfqp.exe (4 KB)
>>> tftp4904 (4 KB)
>>> shell64.dll (14 KB) (http://www.auditmypc.com/process/shell64.asp)
>>> rphekn.exe (4 KB)
>>> gpiawddx.exe (4 KB)
>>> avgmb.exe (4 KB)
>>>
>>> This cleared up the problem but PREVX and Norton 360 do not get along
>>> with each other - Norton 360 will not work properly unless PREVX is
>>> not present in the same system.
>>>
>>> I spent a considerable amount of time on the Symantec technical help
>>> line. Symantec finally apparently fixed the problem by activating the
>>> Norton 360 backup facility. Traffic dropped back down to its normal
>>> level for a while. I can't understand why this worked - what is the
>>> connection between backup and the high traffic problem?
>>>
>>> Broadband traffic went back to normal for a while but eventually the
>>> high traffic problem returned on several occasions. They were fixed by
>>> (1) installing PREVX, (2) doing a scan with it whereby it cleared out
>>> some malware, and (3) uninstalling PREVX - all of this while
>>> temporarily disabling Norton 360.
>>>
>>> As I said earlier, the second and last episode of the high traffic
>>> broadband problem began a few days ago. This seems to be different
>>> than the first episode because the high traffic is mainly downloading
>>> while uploading is normal.
>>>
>>> The big issue with all this is that I need to find out what spyware
>>> malware is causing my high traffic. Can anyone tell me how to do this?
>>> Is there some diagnostic software that could be of use here?
>>>
>>> Below are some items that might help diagnose my problem. All of these
>>> were obtained when broadband traffic was very high as indicated by the
>>> monitor symbols being lit up constantly.
>>>
>>> The first item is a HijackThis log file. The last two are snapshots
>>> of the most active processes in the Windows Task Manager process
>>> display.
>>>
>>> Thanks in advance for your help.
>>>
>>> Jim
>>>
>
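
Added example, not part of any post in this thread: one way to reduce a packet trace taken during a traffic spike (as suggested in the quoted reply) to per-remote-host upload and download totals, which is the split the original poster describes. It assumes the capture was exported with `tshark -r spike.pcap -T fields -e ip.src -e ip.dst -e frame.len`; the file name, the local address and the sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample of the tab-separated export: ip.src, ip.dst, frame.len.
# Non-IP frames (e.g. ARP) export empty address fields.
SAMPLE = (
    "192.168.1.10\t203.0.113.7\t74\n"
    "203.0.113.7\t192.168.1.10\t1514\n"
    "203.0.113.7\t192.168.1.10\t1514\n"
    "203.0.113.7\t192.168.1.10\t1514\n"
    "192.168.1.10\t198.51.100.20\t900\n"
    "198.51.100.20\t192.168.1.10\t1000\n"
    "\t\t60\n"
    "192.168.1.10\t203.0.113.7\t66\n"
)

def top_talkers(text, local_ip):
    """Return [(remote, up_bytes, down_bytes)], largest total first."""
    totals = defaultdict(lambda: [0, 0])  # remote -> [uploaded, downloaded]
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # malformed or truncated row
        src, dst, length = parts[0], parts[1], int(parts[2])
        if src == local_ip:
            totals[dst][0] += length      # this host sent it: upload
        elif dst == local_ip:
            totals[src][1] += length      # this host received it: download
        # anything else (non-IP frames, other hosts) is not counted
    rows = [(remote, up, down) for remote, (up, down) in totals.items()]
    return sorted(rows, key=lambda r: r[1] + r[2], reverse=True)

def direction(up, down, ratio=4):
    """Label a flow by which direction dominates (ratio is an assumed cut-off)."""
    if down >= ratio * max(up, 1):
        return "mostly download"
    if up >= ratio * max(down, 1):
        return "mostly upload"
    return "balanced"

if __name__ == "__main__":
    for remote, up, down in top_talkers(SAMPLE, "192.168.1.10"):
        print(f"{remote:15} up={up:6} down={down:6} {direction(up, down)}")
```

The remote addresses at the top of the list are the ones to match against the owning process (for example with `netstat -ano` on Windows XP) while the spike is still in progress.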