[grancarol]

I have attached a file that contains my monthly usage since Jan. I can only get the detailed daily usage for the time since the last bill. As you can see in the attached file that my problem started last month actually about 10 days from the end of last month. Having not resolved the problem nor really being able to see how much data I was using I was pretty much turning my computers off so that is what you are seeing for the first part of this month except I forgot on the 3rd and did not shut my laptop down that night when i was through with it. I got laxed and kind of forgot until Aug the 10th when I received the "you have used 75% of your data" email from my provider again warning me of overage charges and wanting me to up my plan and buy more data. So I called my internet provider tech support again trying to find a way to get some real time knowledge of my data usage so I could trouble shoot what piece of equipment was the culprit. I have a dvd player that connects wifi and a TV that connects wifi in addition to my laptop and I live alone. I also have a desk top computer but I had stopped using it because I had my laptop so it stayed off and was actually not even connected at the time because I had moved it and just never set it back up. Talking back and forth to her finally convincing her that I wasn't using the data myself so she had me change the wifi password on the router which I did but talking to her I needed internet access so I put the password in my laptop only. SHe called me the next night but really could not do anything because we could not see the results for 2 days. When I logged in and saw the usage for the day that I had changed the password, I then turned off my laptop. I don't remember which day I did it but the next day or two I decided to leave the router on with none of my equipment connected to it. I had not put the new password in anything but my laptop and my laptop was powered down with the wifi antenna in the off position. When I checked that day there was no data usage. So in my mind leaving the router on with nothing of mine connected and having the data usage back down to null ruled out the neighbor hacking into my wifi. At that point I just started leaving the router off and only turning it on briefly when I need to check something on the internet. That is when I went looking for some freeware to let me see my data usage real time. I think I downloaded bitmeter on the 15th and connected the deskside back and installed bitmeter there too and I went looking for some help on the internet. I found this site and posted my question here on the 20th and literally those data usages that you see (except for one Netflix show on Sun.) were accumulated during my correspondence with you and downloading the utilities. I slide the wifi antenna to the off position when the laptop is on unless I am downloading another tool or uploading the output file. That is the data that you see from the 20th until today. Ok enough background tech support did not have me change my admin password on my router only my wifi password so I just went in and changed the administrative password on the router (the password was "admin"). I also changed the wifi password. I am not going to put the new password on any of my equipment and I will shut this computer down and remove the physical cable to the router. In two days when I can see it on the provider website to verify that the data usage for that day was zero. If it is zero I will again change the passwords on the router but i will turn on my laptop and that is the only thing I will put the password in. I will leave it on for several hours and then in two more days I will look to see what the data usage was for that day. Does that sound like a good way to pinpoint whether it is outside my house or on my laptop?

Or... other suggestions are ALWAYS welcome  

THANKS!!!!!!

Attached Files

•  Data Usage Jan-July.pdf   84.64KB   287 downloads

[Advertisements]

I wanted to make sure I read your email a few time to be sure I understood. Just a few comments for clarity

 

Excellent on changing the Admin password. A frightening number of people (and corporations) forget to change this password.

 

One other things I thought about, check to see that no other accounts (on the Router) have been created. If you want to absolutely certain, you can factory reset the router, then change the Admin p/w and only add your own wireless account. It's a bothersome to do, but affords the best security. Especially now that ISP are charging for bandwidth.

 

Yes, if you're comfortable turning off wireless and the router, etc. that is the best security. Although really kidding, it's true...pretty difficult to hack a powered off device. Also, if someone unknown is still gainin entre', the powering up and down will likely make them move on to someone more easily obliging. My additional concern (because I do this work in a corporate environment too) is "what" nasty stuff is being uploaded/downloaded from these rogue users. Concerning to the home user, but, more so to the corporation.

 

Let's keep this topic open a little longer and keep me posted on how things are going. I want to make sure you're in good shape long term.

[Biscuithd]

I wanted to make sure I read your email a few time to be sure I understood. Just a few comments for clarity

 

Excellent on changing the Admin password. A frightening number of people (and corporations) forget to change this password.

 

One other things I thought about, check to see that no other accounts (on the Router) have been created. If you want to absolutely certain, you can factory reset the router, then change the Admin p/w and only add your own wireless account. It's a bothersome to do, but affords the best security. Especially now that ISP are charging for bandwidth.

 

Yes, if you're comfortable turning off wireless and the router, etc. that is the best security. Although really kidding, it's true...pretty difficult to hack a powered off device. Also, if someone unknown is still gainin entre', the powering up and down will likely make them move on to someone more easily obliging. My additional concern (because I do this work in a corporate environment too) is "what" nasty stuff is being uploaded/downloaded from these rogue users. Concerning to the home user, but, more so to the corporation.

 

Let's keep this topic open a little longer and keep me posted on how things are going. I want to make sure you're in good shape long term.

[grancarol]

Ok so I did the factory reset on the router and reset the passwords again (both wifi and admin to something that I have never used before).  I am game to keep the topic open as long as it takes or until you run out of patience with me J It seems like every day or two there is another story in the news were someone has hacked into some company somewhere so yes I would like to hang in here a little while longer and see if we can figure out what is happening or at least make sure we have stopped whatever it is. Have I told you how much I appreciate your help?  I am learning a lot too so that is just an added benefit. When we started this all I knew to do to stop the data hemorrhage was to cut the power to the router J I am pretty sure that routers were not designed to be turned off and on a lot so that is kind of a temporary fix just to keep me from getting a $10 data usage over charge every time it used 50 Gig which was happening every couple of days. I got them to wave it this month but I am thinking they aren’t as patient as you are and next month they will not be as nice…

I do have a question, in the advanced setup on my router there is a firewall tab that gives 4 options for Firewall security level - NAT Only (default), Low, Medium, and High. When I select High I cant get to anything on the internet. What should it be set to, is "NAT only" ok or do I need to change that too?

Thanks!

[Biscuithd]

Yes, absolutely happy to hang with you and help work this out!

 

I do have a question, in the advanced setup on my router there is a firewall tab that gives 4 options for Firewall security level - NAT Only (default), Low, Medium, and High. When I select High I cant get to anything on the internet. What should it be set to, is "NAT only" ok or do I need to change that too?

I'll spare you the technical mumbo jumbo. I think NAT is fine for the moment. What that does is block computers that are trying to enter your machine. If you we're using VPN and other sophicated connection mediums, I'd recommend turning it up, but as you found out, that stops a lot of everyday use.

[grancarol]

ok so I turned the laptop on at 3:40 and left it on until 6:00. The only internet access was to post this message. I will be out of town for the weekend so I am going to power down my computers and I haven't given the tv or the dvd player the wifi password so I will check Mon. with my provider to see how much data was used. Have a good weekend!

[Biscuithd]

You have a good weekend too!

 

Very interested to see what we see

[Biscuithd]

How do things look upon your return?

[grancarol]

Funny thing my provider doesn't show data usage until it is two days old but it rolls over on the first so you never get to see the data useage for the last two days of the month. I had to rerun my test on Mon. the first. I left the laptop on not logged into but physically connected to the eith ethernet cable to the internet. I left it one for 2 hours, nothing else connected and here is the data usage for that day. Today is the first time I have used the internet this month so I will look tomorrow to see what yesterdays usage was without the laptop turned on. 

 

 

Usage Period Download (in GB) Upload (in GB) Total (in GB) 09/01/2014 3.07 0.11 3.18

Thanks!

[Biscuithd]

I've reached out to my peers on this as well and we have another idea. Once you determine what the new usage is, I'd like you to turn OFF the Web Proxy Auto Discovery.

 

In IE, go to Tools, Internet Options -> Connections -> LAN Settings, you’ll find an option called “Automatically detect settings”. If its ON, turn it OFF. Either way, let me know the setting. 

[grancarol]

Ok the automaticlly detect settings was on so I unchecked the box and here is the data usage from my provider for the first and 2nd. I had nothing connected to the internet on the 2nd and only my laptop for 2 hours on the 1st.

 

 

Usage Period  Download (in GB)  Upload (in GB)  Total (in GB)  09/02/2014 0.00 0.00 0.00 09/01/2014 3.07 0.11 3.18 Totals 3.07 0.11 3.18

 

I turned it off and connected my ethernet cable to the laptop to see what effect it had and the bitmeter pegged out. I was going to leave the laptop open for 30 min or so to see how much data was used and as always I closed out everything and was about to put my laptop down to leave it for a while and I noticed that the data usage went away when I exited out of explorer. I had moved my computer to put it down and my eithernet connection on my laptop can be a little flaky so I wanted to make sure that it was still connnected to the internet so I brought up chrome.... and it connected to google and the bitmeter wass showing no activity. However I went to another website just to make sure it was connected and not just a google screen that came up automatically and all of a sudden the bitmeter pegged out again. I uninstalled Google chrome because I could not find a similar option in the tools menu for chrome and brought up ie again and set that option to on again and clicked ok and then went back in and turned it off trying to recreate what happened the first time but I did not have any luck so maybe it was a short in my ethernet cable. I rebooted my machine and bitmeter still comes up pegged even though explorer is not up nor is anything else.

[Biscuithd]

I'm not completely sold on BitMeter, so I went looking for something I liked better. Have a try at this one. Net Limiter here.  Pick the one for your OS which is the 64 bit, XP, Vista, 7 button on the right. Download, Install and then run it. It's quite verbose and I don't know all the in's and out's, but I'd think that very quickly you should see not only what you're uploading and download, but which program is doing what.

 

Let me know if you have problem or if you quickly see the culprit!

 

Last, (Caveat, I'm using a Windows 8 version, so this might be different), if you go to Window, Open Window, Traffic Statistics (or, play with some of the other options), you can see (on the lower left) an Application List and then a Check Box for only the Active ones. And, you can get graphs for the time selection you choose by All Applications or single applications, etc. We should be able to nail down whether the culprit for your bandwidth issue is inside the laptop or someone or something else. And, if it's inside the machine, we should be able pinpoint the application.

[grancarol]

ok I downloaded Net Limiter and tried to follow what you were telling me to do but it was a little different. There was a Window pulldown menu and then an "Open Popup WIndow" WIth and option for "stats" and that is the other window that you see in the screen capture that I attached.

Attached Files

•  NetLimiter output.pdf   196.1KB   247 downloads

[Biscuithd]

Ok, I now believe in that Bit Meter is not lying to us. I like the other program though as it tells us much more. I'll install your version on one of my other machines so I can tell what that one does. In the mean time, lets look closer at svchost.exe. We've looked before, but let's look again.

 

Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Make sure that Scan All Users, LOP check and Purity check are ticked.
• For 64-bit systems only - make sure that Include 64-bit option is also ticked.
• Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
• Section Extra Registry is also set to Use Safelist.

Under the Custom Scans/Fixes bar in the box paste in the following:

/md5start
svchost.exe

/md5stop

• Push Run Scan and wait patiently.
• Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

[grancarol]

I like the new tool better as well It seems to be a much more powerful tool. I ran OTL but maybe I did something wrong... I ran it twice and both times I only got the OTL.txt file as output. I attached it.

Attached Files

•  OTL.Txt   164.65KB   182 downloads

[grancarol]

Running again Extra Registry wasn't set to Use Safelist