
Help please!

Started by Shaun Martin, 2006-01-10T00:37:14-06:00 (Tuesday)


Shaun Martin

I've run Spybot and Adaware.  Nothing major came up that would be sucking my bandwidth.
Shaun Martin
SIUE Alumni
Associate IT Analyst, AT&T Services, Inc. St. Louis, MO.

raptor

There are a few pain-in-the-butt spyware apps that Adaware and Spybot won't detect, and they DEFINITELY suck some serious bandwidth.  The only way to detect them would be HijackThis.  Here is a link, but be careful, this is a powerful app.

http://www.merijn.org/files/hijackthis.zip
President of CAOS
Software Engineer NASA Nspires/Roses Grant

Geoff Schreiber

raptor is right - if you'll run that and post the log, we can help sort through them...I'll be surprised if it doesn't show part of your problem...
~~~~~~~~~~~~~~~~~~~
Geoff Schreiber
Project Engineer
FASTechnology Group

Shaun Martin

k, giving it a try now.

I'll post the log afterwards.

EDIT: Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 5:40:11 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shaun\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camelotherald.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM (R)] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM (R) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Shaun Martin
SIUE Alumni
Associate IT Analyst, AT&T Services, Inc. St. Louis, MO.

Shaun Martin

Shaun Martin
SIUE Alumni
Associate IT Analyst, AT&T Services, Inc. St. Louis, MO.

Geoff Schreiber

Shaun, I don't see anything really out of the ordinary, there's a bunch of junk that doesn't *need* to be there, but nothing that should slow you down...  Did you install any new software over break? Updates to McAfee or anything?
~~~~~~~~~~~~~~~~~~~
Geoff Schreiber
Project Engineer
FASTechnology Group

Shaun Martin

I left my desktop in my dorm room over break so I didn't add/remove anything from it.

There's a technician from STC coming here today to check out the data jack.  I'll let you know how that goes.

EDIT:

K, he came and checked the data jack with some device.  He said it was running fine and left...

 :cry:
Shaun Martin
SIUE Alumni
Associate IT Analyst, AT&T Services, Inc. St. Louis, MO.

raptor

OK,

I noticed you are running McAfee.  The university (through OIT) now offers Sophos.  In fact it's somewhat illegal to still be using McAfee.  I know there are some people who do not like Sophos (Lamonica).  Though it does take a little more system resources (about 10 megs of memory), there have been several instances where upon installation viruses were detected that McAfee completely looked over.

It is available for download at www.siue.edu/anti-virus

In your case, it is also quite possible that one of the services Windows is running could have been hijacked.  I have seen more than one instance of lsass and svchost having been hijacked and sucking bandwidth.  I also noticed you have an HP machine and the HP Software Update service was running.  Though it is unlikely, that app could be downloading automatic updates, causing your lack of bandwidth.

The best way to see if it is your machine or if it's network traffic etc. would be to bring another machine in (a friend's or a laptop) that you know is not having problems and see what it does.

*Technical Note* The thingy the STC tested your jack with is probably what's known as a fluke.

If you have any questions let me know.

Scott
President of CAOS
Software Engineer NASA Nspires/Roses Grant
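
Added example, not part of any post in this thread: a Python sketch that parses a HijackThis v1.99.1 log like the one posted above and flags core Windows process names (svchost.exe, lsass.exe and similar) running from an unexpected directory, one quick check behind the concern about hijacked system processes. The sample log is a constructed excerpt, the `C:\WINDOWS\Temp\svchost.exe` line is made up for illustration, and the function names are this example's own.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any host OS

# Constructed excerpt in HijackThis v1.99.1 layout. The last process line is
# a made-up masquerading case that is NOT in the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camelotherald.com/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Expected directory (lower-cased) for core Windows XP process names.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYS32 for name in (
    "smss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse(log):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:      # blank line ends the process list
            in_procs = False
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)):   # R0/O2/O4/O23... registry-style entries
            entries[m.group(1)].append(m.group(2))
    return processes, dict(entries)

def misplaced_system_processes(processes):
    """Core Windows image names running outside their expected directory."""
    return [p for p in processes
            if (want := EXPECTED_DIR.get(basename(p).lower()))
            and dirname(p).lower() != want]
```

A clean result only rules out name masquerading; code injected into the genuine svchost.exe or lsass.exe would not show up in this listing.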

Geoff Schreiber

It's only illegal if the version of McAfee this student is running isn't his copy, but the university's....

Also, Fluke is a manufacturer of said testing devices, that's not what the devices are called... There's no telling what he used to test the jack...there's too many options.
~~~~~~~~~~~~~~~~~~~
Geoff Schreiber
Project Engineer
FASTechnology Group

Shaun Martin

The HP stuff is for my printer and the McAfee was downloaded from SIUE when they offered it.  I'll try switching to Sophos and see what happens.
Shaun Martin
SIUE Alumni
Associate IT Analyst, AT&T Services, Inc. St. Louis, MO.

PatelA

I'm in the labs at the EB and Science building this semester and they run fine.  The labs in Woodland aren't all that great but the speeds are definitely higher than in my room.

This is ridiculous.  When I built my new computer I didn't put a dialup modem in there since it wasn't necessary.  This weekend I'm going to put a modem in it from another computer and just dial into the SIU isp because it's going to run faster.

I've got my residents circulating a petition complaining about the internet in Woodland.

Anyone else interested in passing this through their respective areas?

Shaun Martin

I'd be willing to send a petition around in Prairie.  Just send me the info at shmarti@siue.edu or if you are going to the CAOS meeting tonight, I will be there.
Shaun Martin
SIUE Alumni
Associate IT Analyst, AT&T Services, Inc. St. Louis, MO.

Bryan

As much fun as petitions can be, it's not going to do a damn bit of good.  SIUE won't do anything unless there is a good reason to do so.  As I recall the only good reason to ever do anything involved money, and spending it usually wasn't an option.
Bryan Grubaugh
Quickly aging alumni with too much time on his hands
Business Systems Analyst, Scripps Networks.

PatelA

When you know the right people, you can get anything done.  Get 500 residents to sign a petition complaining about the poor internet services and you'll get people to listen to you.