Go to my website http://www.pcbutts1.com/downloads use the email link at the
bottom, put "Running Now" in the subject line and email me. I will send you
my more extensive diagnostic tool, it works better than HJT, with
instructions on how to use it.
--
Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
"Jim" <koehler@btinternet.com> wrote in message
news:1192286950.230976.246240@i38g2000prf.googlegroups.com...
>A real challenge to all spyware and malware experts.
>
> Please excuse my bad manners in publishing this article in two
> newsgroups simultaneously. I am not sure which one is most likely to
> provide help in solving my problem.
>
> If there is another newsgroup in which I should post this article
> please let me know.
>
>
> The problem that I have is driving me mad!
>
>
> The problem is that my broadband traffic is at times extremely high
> for completely unexplained reasons.
>
> This is indicated by (1) the daily log kept by my ISP and (2) more
> visibly by the icon in the lower right-hand corner on my screen that
> consists of the two little monitor symbols. These symbols indicate
> broadband activity by lighting up in light blue - one for up traffic
> and the other for down traffic.
>
> The problem has been around on and off for three months now.
>
> Environment: Windows XP SP2, Symantec Norton 360, Namesco (ISP) and Ad-
> Aware SE Personal. The last of these I run only on demand - usually
> once a day.
>
> When the problem is occurring the daily ISP log shows 4 or 5 times
> normal megabytes per day and the monitor symbols are lit up all the
> time.
>
> Normally the log and the monitor symbols show low broadband activity.
> I have been a fairly light user of the internet. No movie downloads,
> etc. Just emails and web page accesses.
>
> The high activity problem has occurred in two episodes. During the
> first of these (a couple of weeks) the high traffic was more or less
> equally divided between uploading and downloading. But during the most
> recent episode (a couple of days) downloading has been very high while
> uploading was normal.
>
> My traffic has been so high that my ISP's monthly limit is 60% used
> while I am only 40% into the month. I will be charged for any excess.
> I have become so concerned that I am leaving my modem connection to my
> phone line unplugged except when I need to access the internet.
>
> Regarding the first episode: I tried PREVX. It found and removed some
> malware. It reported that it put the following items in "jail".
> zrmkxe.exe (4 KB)
> ykouzmp.exe (4 KB)
> ugstzfqp.exe (4 KB)
> tftp4904 (4 KB)
> shell64.dll (14 KB) (http://www.auditmypc.com/process/shell64.asp)
> rphekn.exe (4 KB)
> gpiawddx.exe (4 KB)
> avgmb.exe (4 KB)
>
> This cleared up the problem but PREVX and Norton 360 do not get along
> with each other - Norton 360 will not work properly unless PREVX is
> not present in the same system.
>
> I spent a considerable amount of time on the Symantec technical help
> line. Symantec finally apparently fixed the problem by activating the
> Norton 360 backup facility. Traffic dropped back down to its normal
> level for a while. I can't understand why this worked - what is the
> connection between backup and the high traffic problem?
>
> Broadband traffic went back to normal for a while but eventually the
> high traffic problem returned on several occasions. They were fixed by
> (1) installing PREVX, (2) doing a scan with it whereby it cleared out
> some malware, and (3) uninstalling PREVX - all of this while
> temporarily disabling Norton 360.
>
> As I said earlier, the second and last episode of the high traffic
> broadband problem began a few days ago. This seems to be different
> than the first episode because the high traffic is mainly downloading
> while uploading is normal.
>
> The big issue with all this is that I need to find out what spyware or
> malware is causing my high traffic. Can anyone tell me how to do this?
> Is there some diagnostic software that could be of use here?
>
> Below are some items that might help diagnose my problem. All of these
> were obtained when broadband traffic was very high as indicated by the
> monitor symbols being lit up constantly.
>
> The first item is a HijackThis log file. The last two are snapshots
> of the most active processes in the Windows Task Manager process
> display.
>
> Thanks in advance for your help.
>
> Jim
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> -
>

