help needed

[Switeck]

If µTorrent was stopped for more than 1 minute when you did the speed tests, chances are something else REALLY IS using up your bandwidth.

...I'd be looking for better antivirus and antispyware software if I were you!

(I recommend SpyBot Seek and Destroy as well as HijackThis.)

[rexdimos66]

this suggetions is only antivirus programms or online prevent ?i wantede to use nod32 what do you think?

[Switeck]

nod32 may already be compromised by viruses/trojans such that it won't detect anything even though your system is thoroughly infected.

You need comprehensive coverage against spyware and adware as well, which most antivirus software INTENTIONALLY ignores. For that, you need programs like Ad Aware, Spybot Seek and Destroy, and HijackThis.

I also use Process Explorer, TCP View, and a hex editor. They turn up things that even the best anti-virus/anti-spyware software might miss, though they usually don't tell me if something's hostile or not.

Get TCP view from www.speedguide.net

Run it and see what ips on the internet your computer is connecting to at this moment.

My guess...therein lies the problem.

Either that or network-using programs are interfering.

Also get Process Viewer from www.speedguide.net -- it should show all the programs and (DLLs?) processes running in the background. One or more of those could also be your problems' source.

Even HijackThis (link unknown atm) might help...but it's an expert-level program that won't explain what it finds. You'll need to use GOOGLE to determine what each program/app/DLL/ect it finds does.

Your problems could also be caused by ALL the above.

Good luck

[rexdimos66]

so i must:

1)download and install spybot search an destroy

2)download hijack this

3)go to www.speedquide.net and run the diagnostics

all the above is corrrect?

spybot search and destroy protects against all known viruses?

or i have to use something else ?

[rexdimos66]

also where in spppedguide can i find those two programms?tcp view and Process Viewer?

[Ultima]

sysinternals.com

[rexdimos66]

in tcp view how can i tell if there is another pc or ip adress that connecting without my permission?is there another name for Process Viewer because i have not found it?

[Ultima]

It's Process Explorer =o And um... what do you mean by connecting without your permission? TCPView knows nothing about permissions, it only shows what connections have been established or are being made.

[rexdimos66]

what i meant is tha bellow is a check with tcp view user-3b... is my pc how can i tell if theres is another ip that uses my connection without my permission ?

svchost.exe:996 TCP user-3b5228c84e:epmap user-3b5228c84e:0 LISTENING

System:4 TCP user-3b5228c84e:microsoft-ds user-3b5228c84e:0 LISTENING

CLI.exe:1836 TCP user-3b5228c84e:1025 user-3b5228c84e:0 LISTENING

alg.exe:2024 TCP user-3b5228c84e:1030 user-3b5228c84e:0 LISTENING

CLI.exe:2756 TCP user-3b5228c84e:1039 user-3b5228c84e:0 LISTENING

CLI.exe:2748 TCP user-3b5228c84e:1040 user-3b5228c84e:0 LISTENING

netscape.exe:3704 TCP user-3b5228c84e:5180 user-3b5228c84e:0 LISTENING

System:4 TCP user-3b5228c84e:netbios-ssn user-3b5228c84e:0 LISTENING

netscape.exe:3704 TCP user-3b5228c84e:1051 localhost:1052 ESTABLISHED

netscape.exe:3704 TCP user-3b5228c84e:1052 localhost:1051 ESTABLISHED

netscape.exe:3704 TCP user-3b5228c84e:1056 a212.205.43.8.deploy.akamaitechnologies.com:http ESTABLISHED

netscape.exe:3704 TCP user-3b5228c84e:1057 a212.205.43.8.deploy.akamaitechnologies.com:http ESTABLISHED

netscape.exe:3704 TCP user-3b5228c84e:1059 a212.205.43.38.deploy.akamaitechnologies.com:http ESTABLISHED

netscape.exe:3704 TCP user-3b5228c84e:1060 a212.205.43.30.deploy.akamaitechnologies.com:http ESTABLISHED

netscape.exe:3704 TCP user-3b5228c84e:1061 a212.205.43.38.deploy.akamaitechnologies.com:http ESTABLISHED

netscape.exe:3704 TCP user-3b5228c84e:1062 64.233.183.147:http ESTABLISHED

netscape.exe:3704 TCP user-3b5228c84e:1063 64.233.183.147:http ESTABLISHED

netscape.exe:3704 TCP user-3b5228c84e:1065 64.233.187.104:http ESTABLISHED

netscape.exe:3704 TCP user-3b5228c84e:1069 athweb10.forthnet.gr:http ESTABLISHED

AnyDVD.exe:1936 TCP user-3b5228c84e:1076 ip-64-15-129-199.reverse.privatedns.com:http CLOSE_WAIT

[system Process]:0 TCP user-3b5228c84e:1067 sb1.sfx.adbrite.com:http TIME_WAIT

[system Process]:0 TCP user-3b5228c84e:1071 athdslt05.forthnet.gr:http TIME_WAIT

[system Process]:0 TCP user-3b5228c84e:1074 athdslt05.forthnet.gr:36381 TIME_WAIT

[system Process]:0 TCP user-3b5228c84e:1075 65.54.239.210:1863 TIME_WAIT

lsass.exe:732 UDP user-3b5228c84e:isakmp *:*

System:4 UDP user-3b5228c84e:microsoft-ds *:*

svchost.exe:1180 UDP user-3b5228c84e:1055 *:*

lsass.exe:732 UDP user-3b5228c84e:4500 *:*

svchost.exe:1180 UDP user-3b5228c84e:1049 *:*

svchost.exe:1084 UDP user-3b5228c84e:ntp *:*

msmsgs.exe:1912 UDP user-3b5228c84e:1078 *:*

svchost.exe:1240 UDP user-3b5228c84e:1900 *:*

System:4 UDP user-3b5228c84e:netbios-dgm *:*

System:4 UDP user-3b5228c84e:netbios-ns *:*

svchost.exe:1240 UDP user-3b5228c84e:1900 *:*

svchost.exe:1084 UDP user-3b5228c84e:ntp *:*

[rexdimos66]

also spybot sd and ad-aware se is the same usage programms or we must use them together?

[Ultima]

That information tells you nothing about other users being connected without authorization. Spybot and Ad-Aware both do the same thing, but neither are perfect at what they do, so they sorta complement each other (though even combined, they miss stuff).

[rexdimos66]

so i must use them together?or there is a programm that can protect me completely

[rexdimos66]

i ran also the other programm nothing there to but at the test the same <<congest>> i think i will go crazy

[Switeck]

spybot search and destroy protects against few viruses.

It detects and removes Spyware, Adware, and various trojans.

Viruses are typically a different thing than those.

HijackThis lists what programs and DLLs load on windows startup, though it does not describe what those programs and DLLs are used for.

...so you have to use GOOGLE to determine if each one is hostile or not.

The TCP view logs seems strange, were you surfing the web at that moment?

Why would AnyDVD.exe be connecting to ip-64-15-129-199.reverse.privatedns.com?

[rexdimos66]

yes i was surfing at the internet but i dont no why any dvd use these adress but i see it was closing maybe it must check for newer version each time i connect

have you see any other stange ip?

so i must use spybot combine eith ad aware?