TechSpot

Millions of packets sent

By alexherb56
Oct 10, 2006
  1. Every time I connect the DSL cable, millions of packets are sent out, flooding the connection and preventing the incoming packets from being received. I have run full scans from Norton, Spybot, Zone Alarm and Microsoft's Multi-virus cleaner. None of these tools have identified anything or stopped the millions of packets from being sent. Any help or ideas for a next step would be appreciated.
    Thanks.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Let`s check to make sure you don`t have anything nasty on your system.

    Go and read this thread HERE. Post a HJT log and I`ll take a look.

    Regards Howard :wave: :wave:

    This thread is for the use of alexherb56 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. alexherb56

    alexherb56 TS Rookie Topic Starter

    HJT log

    Thanks so much, Howard. Here is the HJT log without a network connection.
    Your efforts are much appreciated.
    Regards,
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download LSPFix from http://cexx.org/lspfix.htm
    1. Disconnect from the Internet, go to the LSPfix file and extract/unzip LSP-Fix into its own folder [C:\lspfix].
    2. Open the lspfix folder and double-click on LSPFix.exe to start the program.
    3. Check the "I know what I am doing" checkbox.
    4. Select (highlight) all instances of 'ctxnsp.dll' in the left column under "Keep".
    5. Click the arrow >> so it goes over to the right column under "Remove".
    6. Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.
    7. Restart your computer

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of alexherb56 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. alexherb56

    alexherb56 TS Rookie Topic Starter

    New HJT log

    Hi Howard,
    Thanks for your help. I have run the lspfix file and the CTXNSP.DLL was in the Remove column as soon as I ran it. I rebooted and attached is the new HJT log. However, the problem persisits when I connect the cable, millions of packets are being sent out.
    Again,thanks for your assistance.
    Regards,
    Alex
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000<Fix this if you haven`t set this proxy yourself or don`t know what it is.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.se1.attbb.net;<local><As above.

    O16 - DPF: {0D0950E6-046D-437A-8985-369BE10C7E2A} (LogOutOCX.LOgOut) - http://iauthor.accenture.com/iauthor/ASP/IALogOut.CAB

    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB

    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

    O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} (Net6Launcher Class) - https://ftl.gateway.citrix.com/net6helper.cab

    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

    O17 - HKLM\System\CCS\Services\Tcpip\..\{864879D0-B1E7-4EC2-9BEF-4D65657995D5}: NameServer = 205.152.0.5,205.152.16.20
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = citrite.net,ctxuk.citrix.com,jp.citrix.com,citrix.com.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = citrite.net,ctxuk.citrix.com,jp.citrix.com,citrix.com.au

    Only fix the above 017 entries, if you don`t recognise the domain or the entries are not from your ISP.

    Click on the fix checked button.

    Close HJT. Reboot your system.

    Let me know if that helps.

    Regards Howard :)

    This thread is for the use of alexherb56 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    I don't think it would hurt to install PeerGuardian either.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...