computer is downloading a ridiculous amount of data!

DarkManX

I rebooted my computer last night and after using it for about 15 minutes I noticed my internet was pretty sluggish. I checked out my DU Meter and noticed the graph was pretty flat at a little bit over 1.05 megaBYTES/sec!!! I don't have any P2P apps running or any file sharing, just Firefox, AIM, and IE. I'm not uploading a lot, just downloading. According to the DU Meter stats I have downloaded 37.33GB today and uploaded almost 700MB. My ISP is Comcast. Any ideas on what can be causing this? I'm going to reboot because that seems to prevent it, at least for a small period of time.
 

Markbnj

You can start by running the command netstat -a -b from a command prompt. This will show all the open tcp connections and the processes that started them. There are all sorts of programs, from Skype to weather widgets, that constantly ping servers and download information. If you're really concerned reboot into safe mode with nothing running and see what the activity looks like and how the netstat report changes.
 

DarkManX

It's doing it again! I don't see anything out of the ordinary either. Here's a copy and paste, even though some of it got cut off, but I can copy and paste a similar screen from my DD-WRT router.


TCP rkd-8d95ade351a:5180 rkd-8d95ade351a:0 LISTENING 2744
[aim.exe]

TCP rkd-8d95ade351a:11535 rkd-8d95ade351a:0 LISTENING 3172
[aoltpsd3.exe]

TCP rkd-8d95ade351a:11536 rkd-8d95ade351a:0 LISTENING 3172
[aoltpsd3.exe]

TCP rkd-8d95ade351a:netbios-ssn rkd-8d95ade351a:0 LISTENING 4
[System]

TCP rkd-8d95ade351a:4316 kansas.shawnetworks.com:http SYN_SENT 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:1139 localhost:1140 ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:1140 localhost:1139 ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:1147 localhost:1148 ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:1148 localhost:1147 ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:1032 cs43.msg.dcn.yahoo.com:smtp ESTABLISHED 2828
[YahooMessenger.exe]

TCP rkd-8d95ade351a:1100 64.12.26.113:5190 ESTABLISHED 2744
[aim.exe]

TCP rkd-8d95ade351a:1114 sip12.voice.re2.yahoo.com:5061 ESTABLISHED 2828
[YahooMessenger.exe]

TCP rkd-8d95ade351a:1146 oam-m02b.blue.aol.com:5190 ESTABLISHED 2744
[aim.exe]

TCP rkd-8d95ade351a:1586 ats-dcc.dial.aol.com:5190 ESTABLISHED 3356
[waol.exe]

TCP rkd-8d95ade351a:1587 64.12.26.49:5190 ESTABLISHED 3356
[waol.exe]

TCP rkd-8d95ade351a:3915 205.188.13.40:5190 ESTABLISHED 2744
[aim.exe]

TCP rkd-8d95ade351a:4020 kansas.shawnetworks.com:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4041 kansas.shawnetworks.com:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4042 kansas.shawnetworks.com:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4087 8.15.32.35:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4094 8.15.32.35:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4185 kansas.shawnetworks.com:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4192 kansas.shawnetworks.com:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4234 kansas.shawnetworks.com:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4251 unknown.scnet.net:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4256 63.229.53.7:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4258 unknown.scnet.net:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4259 63.229.53.31:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4268 216.178.39.70:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4270 webmailx.verizonwireless.com:https ESTABLISHED 3800
[IEXPLORE.EXE]

TCP rkd-8d95ade351a:4277 kansas.shawnetworks.com:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4298 qb-in-f17.google.com:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4320 kc-in-f176.google.com:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4321 kc-in-f176.google.com:http ESTABLISHED 912
[FIREFOX.EXE]

TCP rkd-8d95ade351a:4261 localhost:11535 TIME_WAIT 0
TCP rkd-8d95ade351a:4317 localhost:11535 TIME_WAIT 0
TCP rkd-8d95ade351a:11535 localhost:4284 TIME_WAIT 0
TCP rkd-8d95ade351a:11535 localhost:4302 TIME_WAIT 0
TCP rkd-8d95ade351a:4104 216.246.87.16:http TIME_WAIT 0
TCP rkd-8d95ade351a:4109 63.229.53.7:http TIME_WAIT 0
TCP rkd-8d95ade351a:4112 unknown.scnet.net:http TIME_WAIT 0
TCP rkd-8d95ade351a:4163 8.15.32.48:http TIME_WAIT 0
TCP rkd-8d95ade351a:4167 webmailx.verizonwireless.com:https TIME_WAIT 0
TCP rkd-8d95ade351a:4181 8.15.32.59:http TIME_WAIT 0
TCP rkd-8d95ade351a:4182 8.15.32.59:http TIME_WAIT 0
TCP rkd-8d95ade351a:4183 8.15.32.10:http TIME_WAIT 0
TCP rkd-8d95ade351a:4236 216.178.39.70:http TIME_WAIT 0
TCP rkd-8d95ade351a:4239 kc-in-f176.google.com:http TIME_WAIT 0
TCP rkd-8d95ade351a:4240 kc-in-f176.google.com:http TIME_WAIT 0
TCP rkd-8d95ade351a:4242 unknown.scnet.net:http TIME_WAIT 0
TCP rkd-8d95ade351a:4243 63.229.53.24:http TIME_WAIT 0
TCP rkd-8d95ade351a:4244 unknown.scnet.net:http TIME_WAIT 0
TCP rkd-8d95ade351a:4245 216.246.87.49:http TIME_WAIT 0
TCP rkd-8d95ade351a:4246 unknown.scnet.net:http TIME_WAIT 0
TCP rkd-8d95ade351a:4247 unknown.scnet.net:http TIME_WAIT 0
TCP rkd-8d95ade351a:4248 unknown.scnet.net:http TIME_WAIT 0
TCP rkd-8d95ade351a:4250 216.246.87.16:http TIME_WAIT 0
TCP rkd-8d95ade351a:4252 216.246.87.40:http TIME_WAIT 0
TCP rkd-8d95ade351a:4257 unknown.scnet.net:http TIME_WAIT 0
TCP rkd-8d95ade351a:4265 63.229.53.24:http TIME_WAIT 0
TCP rkd-8d95ade351a:4266 63.229.53.24:http TIME_WAIT 0
TCP rkd-8d95ade351a:4272 kc-in-f176.google.com:http TIME_WAIT 0
UDP rkd-8d95ade351a:9370 *:* 2728
[LogitechDesktopMessenger.exe]

UDP rkd-8d95ade351a:1112 *:* 1400
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP rkd-8d95ade351a:microsoft-ds *:* 4
[System]

UDP rkd-8d95ade351a:1163 *:* 1400
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP rkd-8d95ade351a:isakmp *:* 792
[lsass.exe]

UDP rkd-8d95ade351a:4500 *:* 792
[lsass.exe]

UDP rkd-8d95ade351a:phone *:* 1400
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP rkd-8d95ade351a:1175 *:* 1400
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP rkd-8d95ade351a:1425 *:* 1400
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP rkd-8d95ade351a:1028 *:* 1400
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP rkd-8d95ade351a:1165 *:* 1400
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP rkd-8d95ade351a:1378 *:* 1400
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP rkd-8d95ade351a:1168 *:* 1400
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP rkd-8d95ade351a:5051 *:* 2828
[YahooMessenger.exe]

UDP rkd-8d95ade351a:ntp *:* 1180
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP rkd-8d95ade351a:3595 *:* 3588
[IEXPLORE.EXE]

UDP rkd-8d95ade351a:1602 *:* 3356
[waol.exe]

UDP rkd-8d95ade351a:1111 *:* 2744
[aim.exe]

UDP rkd-8d95ade351a:3702 *:* 912
[FIREFOX.EXE]

UDP rkd-8d95ade351a:1438 *:* 3800
[IEXPLORE.EXE]

UDP rkd-8d95ade351a:1490 *:* 1476
[IEXPLORE.EXE]

UDP rkd-8d95ade351a:1105 *:* 2828
[YahooMessenger.exe]

UDP rkd-8d95ade351a:1392 *:* 1452
[IEXPLORE.EXE]

UDP rkd-8d95ade351a:1900 *:* 1544
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP rkd-8d95ade351a:1594 *:* 1836
[AOLAcsd.exe]

UDP rkd-8d95ade351a:1900 *:* 1544
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP rkd-8d95ade351a:1126 *:* 2828
[YahooMessenger.exe]

UDP rkd-8d95ade351a:netbios-dgm *:* 4
[System]

UDP rkd-8d95ade351a:1127 *:* 2828
[YahooMessenger.exe]

UDP rkd-8d95ade351a:ntp *:* 1180
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP rkd-8d95ade351a:netbios-ns *:* 4
[System]


C:\Documents and Settings\qpck>
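
Added example (not part of any post in this thread): a small Python parser for `netstat -a -b` text like the paste above. It rejoins PIDs that the console wrapped onto the next line and counts established connections to non-local peers per process. The sample rows, host names and addresses are constructed.

```python
from collections import Counter

# Constructed sample shaped like the paste: the console wrapped two PIDs onto
# the next line ("91" + "2" is PID 912; "2828" sits alone under its row).
SAMPLE = """\
  TCP  host-a:4020  files.example.net:http  ESTABLISHED  91
2
  [FIREFOX.EXE]
  TCP  host-a:1139  localhost:1140  ESTABLISHED  912
  [FIREFOX.EXE]
  TCP  host-a:1114  sip.example.org:5061  ESTABLISHED
2828
  [YahooMessenger.exe]
  TCP  host-a:4104  203.0.113.16:http  TIME_WAIT  0
  UDP  host-a:1112  *:*  1400
  C:\\WINDOWS\\system32\\mswsock.dll
  [svchost.exe]
"""

def parse_netstat_b(text):
    """Parse `netstat -a -b` text into row dicts, rejoining wrapped PIDs.
    DLL component paths and blank lines are skipped."""
    rows, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        f = line.split()
        if f and f[0] in ("TCP", "UDP") and len(f) >= 3:
            pid = f.pop() if f[-1].isdigit() else ""  # may be partial or absent
            cur = {"proto": f[0], "local": f[1], "remote": f[2],
                   "state": f[3] if len(f) > 3 else "",  # UDP rows have no state
                   "pid": pid, "process": None}
            rows.append(cur)
        elif cur and line.isdigit():
            cur["pid"] += line                  # remainder of a wrapped PID
        elif cur and line.startswith("[") and line.endswith("]"):
            cur["process"] = line[1:-1]         # executable that owns the row
            cur = None
    return rows

def external_by_process(rows):
    """Count ESTABLISHED connections to non-local peers per (process, PID)."""
    counts = Counter()
    for r in rows:
        peer, me = (r[k].rsplit(":", 1)[0] for k in ("remote", "local"))
        if r["state"] == "ESTABLISHED" and peer not in ("localhost", "127.0.0.1", me):
            counts[(r["process"], r["pid"])] += 1
    return counts

if __name__ == "__main__":
    for (proc, pid), n in external_by_process(parse_netstat_b(SAMPLE)).most_common():
        print(f"{proc} [PID {pid}]: {n} established external connection(s)")
```

netstat lists connections, not bytes transferred, so the counts narrow down which processes to examine rather than showing which one is moving the data.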
 

bruceb

You got some problems in there including

AOL ... AIM Instant Messenger .... Yahoo Instant Messenger

Those are all high use programs. However, I would suggest a good Antivirus Scan and also a Spyware Scan and a Trojan Scan. It sure looks like something got into the system. And based on your upload amount, you are probably being used for P2P even unintentionally.

You don't need the AOL if you are on Comcast .. I would uninstall anything related to AOL.
 

Zepper

C'mon DarkMan,

One doesn't paste all that carp into a post, one posts a link to the file that contains it... Not a hardware issue anyway - we have a "Security" section under Software.

.bh.
 

Slugbait

My guess is that you are a server. An FTP server, to be more precise.

My wife had the same problem about five years ago. It started with her one day asking me what I'd been doing with her computer...she was rummaging thru Explorer and found a folder she hadn't created. There were more than a few dozen sub-folders: about half were empty. The rest consumed 80 gigs of space on her hard drive. It was a recent hack, none of the folders were more than two weeks old.

Motherload! I copied over the zip file of X-Men 2 (still in the theatre) and unzipped it. Those frackers...it was dubbed in German with Japanese subtitles. Unzipped Photoshop 6: also localized in German. Every damn thing was German. And the five gigs worth of music? These guys had the absolute worst taste...

I found the INF file for the FTP program and changed all of their passwords. Then I set the program to manual, and required a strong password to start it. Then I locked down her system.

The files were a complete waste of time. Shift->Del.