# Why is my internet uploading so much?



## DrKhumalo (Feb 26, 2008)

When i connect to my ADSL line and just leave it, the upload rate is way faster than the download rate and keeps goin up. I left it fpr 4 hrs just now not with any internet applications open and it managed to upload about 120Mb of i dont know what?


----------



## new tech guy (Mar 27, 2006)

Do you have any offsite backup utility set to automatically run? If you have any tray apps that use the internet such as aim, windows messenger, etc it could be that but i dont think it would upload that much. At most a few kilobytes but not megs. Finally, you sure you dont have anything nasty running in the background?


----------



## lunarlander (Sep 22, 2007)

I would post a HijackThis log for the log specialist to take a look. HijackThis is available here:

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Use "Do a system scan and save a log file", and notepad will open with a log of what it finds, copy and paste the contents here. Don't ask it to fix anything.


----------



## AQuickE (Feb 25, 2008)

duplicate post


----------



## AQuickE (Feb 25, 2008)

lunarlander said:


> I would post a HijackThis log for the log specialist to take a look. HijackThis is available here:
> 
> http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
> 
> Use "Do a system scan and save a log file", and notepad will open with a log of what it finds, copy and paste the contents here.


I agree!


----------



## DrKhumalo (Feb 26, 2008)

01/03/2008	11:41:05	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CLAV0TQ7\InboxLight[2].aspx\InboxLight[2]	
01/03/2008	11:41:11	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-Imrworldwide (Potentially Unwanted Program)
01/03/2008	11:41:11	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][2].txt\00000000.ie	Cookie-Imrworldwide (Potentially Unwanted Program)
01/03/2008	11:41:17	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\01QF4TUJ\ReadMessageLight[1].aspx\ReadMessageLight[1]	
01/03/2008	12:39:46	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\STYN09IJ\InboxLight[1].aspx\InboxLight[1]	
01/03/2008	12:39:49	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-Imrworldwide (Potentially Unwanted Program)
01/03/2008	12:39:49	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][2].txt\00000000.ie	Cookie-Imrworldwide (Potentially Unwanted Program)
01/03/2008	12:40:09	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\01QF4TUJ\InboxLight[2].aspx\InboxLight[2]	
01/03/2008	12:40:13	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SP6VWXYN\ReadMessageLight[1].aspx\ReadMessageLight[1]	
01/03/2008	12:45:25	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\01QF4TUJ\za.msn[1]\za	
01/03/2008	12:45:25	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\01QF4TUJ\ushp[1].css\ushp[1]	
01/03/2008	12:45:26	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SP6VWXYN\ie[1].css\ie[1]	
01/03/2008	12:45:33	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-2O7 (Potentially Unwanted Program)
01/03/2008	12:45:36	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-Doubleclick (Potentially Unwanted Program)
01/03/2008	12:45:56	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CLAV0TQ7\search[1].om\search[1]	
01/03/2008	12:47:25	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CLAV0TQ7\wlmcore1[1].js\wlmcore1[1]	
01/03/2008	12:47:25	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CLAV0TQ7\wlmcore3[1].js\wlmcore3[1]	
01/03/2008	12:47:26	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CLAV0TQ7\wlmcore2[1].js\wlmcore2[1]	
01/03/2008	12:47:26	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CLAV0TQ7\wlmcore4[1].js\wlmcore4[1]	
01/03/2008	12:47:26	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\CLAV0TQ7\ApplicationMain_12.1.0069.1213[1].aspx\ApplicationMain_12.1.0069.1213[1]	
01/03/2008	12:47:28	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\01QF4TUJ\common[1].css\common[1]	
01/03/2008	12:47:28	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SP6VWXYN\positioning[1].css\positioning[1]	
01/03/2008	12:47:36	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SP6VWXYN\stylesheet_12.1.0069.1213[1].aspx\stylesheet_12.1.0069.1213[1]	
01/03/2008	12:47:37	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\01QF4TUJ\Common[1].js\Common[1]	
01/03/2008	12:47:37	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\01QF4TUJ\Inbox[1].js\Inbox[1]	
01/03/2008	12:47:37	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\01QF4TUJ\contacts[1].js\contacts[1]	
01/03/2008	12:47:39	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SP6VWXYN\EditMessage[1].js\EditMessage[1]	
01/03/2008	12:48:06	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	12:48:06	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][2].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	12:48:06	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][2].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	12:48:06	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	12:48:06	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][2].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	12:48:06	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	12:48:06	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Cookies\[email protected][2].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	13:03:08	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\STYN09IJ\logout[1].srf\logout[1]	
01/03/2008	13:03:13	Not scanned (The file is encrypted) YOUR-0CDC4F5844\User	C:\Program Files\Internet Explorer\iexplore.exe	C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\STYN09IJ\za.msn[1]\za	
01/03/2008	17:38:10 Engine version =	5200.2160
01/03/2008	17:38:10 AntiVirus DAT version =	5242.0000
01/03/2008	17:38:10 Number of detection signatures in EXTRA.DAT =	None
01/03/2008	17:38:10 Names of detection signatures in EXTRA.DAT =	None
01/03/2008	23:13:51	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Windows Live\Messenger\msnmsgr.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	23:13:51	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Windows Live\Messenger\msnmsgr.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	23:13:51	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Windows Live\Messenger\msnmsgr.exe	C:\Documents and Settings\User\Cookies\[email protected][2].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	23:13:51	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Windows Live\Messenger\msnmsgr.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	23:13:51	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Windows Live\Messenger\msnmsgr.exe	C:\Documents and Settings\User\Cookies\[email protected][2].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	23:13:51	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Windows Live\Messenger\msnmsgr.exe	C:\Documents and Settings\User\Cookies\[email protected][1].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)
01/03/2008	23:13:51	Deleted YOUR-0CDC4F5844\User	C:\Program Files\Windows Live\Messenger\msnmsgr.exe	C:\Documents and Settings\User\Cookies\[email protected][2].txt\00000000.ie	Cookie-Eyeblaster (Potentially Unwanted Program)

I really duno if this is gona help, or if i even did the right thing


----------



## new tech guy (Mar 27, 2006)

What is this scan from?


----------



## DrKhumalo (Feb 26, 2008)

its from my virus scan program. on saturday for some reason my internet uploaded/downloaded (but mainly uploaded) a gig of nothing and i wasn't even at my pc


----------



## new tech guy (Mar 27, 2006)

How do you confirm this is happening? Is there a monitor on your system showing it? It looks like only normal stuff came up under the scan. What type of computer is it? If i remember correctly, my sister's computer had a strange problem like that before. She has a gateway laptop.


----------



## DrKhumalo (Feb 26, 2008)

i checked on the service provider website and it shows me how many mbs i have left, it also showed me the sessions where it uploaded a lot thats how i know how much it uploaded on saturday. i have an Hp laptop


----------



## lunarlander (Sep 22, 2007)

Somebody may be using your PC to send out spam mail. Download HijackThis and post the log so the log specialist can take a look to see if anything bad is running on your PC.


----------



## new tech guy (Mar 27, 2006)

I was thinking either that or a bot. I hate to be pessimistic and hope it is not malware. But we can never be sure. Go ahead and post an hjt log and we can get a log expert to take a look.


----------

