so heres my lil situation. i jsut installed windows vista 64 bit. and i noticed today (after installing my AV) that my downloads were going rather slow, web pages were slow. i look further and notice im downloading, and theres nothing downloading. im connected to some server in maylasia, and some irc2 server. tho nothing is running that would cause this.
i ran hijack this and deleted a buncha ie toolbars n search assistants (i never use IE). the only thing i have seen in the hijack this log that looks amiss is..
if somethings wrong, dont jsut tell me how to fix by downloading some program, tell me what is wrong plz.
i seen to many forums where 'x' is told to get the spysweeper and go away.
really annoying with dialup.
i have a feeling in the back of my mind that its bit defender updating 'in the background'. no such thing on dialup. kaspersky used to do that. tehy dont anymore cause i wont use crap that does that.
tick
i think i found my prob, after a rash of uninstalling and rebooting after each one, it was found to be NERO!!! nero 8 essentials, came with my asus board.
now i can use my internet connection again.
oh, and thats for that google reply...
it helped me absolutely NONE. i found all needed info from tcpview and process explorer. tho google did let me find the wiki page on llnw, and what thier major cousomers were, again, that was NO help.
I Cant Stop Downloading
in Malware Removal
Posted
so heres my lil situation. i jsut installed windows vista 64 bit. and i noticed today (after installing my AV) that my downloads were going rather slow, web pages were slow. i look further and notice im downloading, and theres nothing downloading. im connected to some server in maylasia, and some irc2 server. tho nothing is running that would cause this.
i ran hijack this and deleted a buncha ie toolbars n search assistants (i never use IE). the only thing i have seen in the hijack this log that looks amiss is..
C:Program Files (x86)Common FilesRealtime SoftRTSHookInteropx32RTSHookInterop.exe
not sure what that is or does.
i dont know if i can delete this or not.
orbit is a download manager. the rest is self explanatory.
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:WindowsSysWOW64rundll32.exe
C:Program Files (x86)TencentFoxmailFoxmail.exe
C:Program Files (x86)Common FilesRealtime SoftRTSHookInteropx32RTSHookInterop.exe
G:FlashFXPFlashFXP.exe
C:Program Files (x86)Orbitdownloaderorbitnet.exe
C:UserstickAppDataLocalTempTemp1_TcpView.zipTcpview.exe
G:mircmirc.exe
C:Program Files (x86)Orbitdownloaderorbitdm.exe
C:Program Files (x86)Trend MicroHijackThisHijackThis.exe
C:WindowsSysWOW64DllHost.exe
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:Program Files (x86)Orbitdownloaderorbitcth.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre6binssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:Program FilesBitDefenderBitDefender 2009Antispam32IEToolbar.dll" (file missing)
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Javajre6binjusched.exe"
O4 - HKCU..Run: [Foxmail] "C:Program Files (x86)TencentFoxmailFoxmail.exe" -min
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stoic Joker's T-Clock x64.lnk = C:Program Files (x86)txclockx64Clock.exe
O4 - Global Startup: Orbit.lnk = C:Program Files (x86)Orbitdownloaderorbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:Program Files (x86)Orbitdownloaderorbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:Program Files (x86)Orbitdownloaderorbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:Program Files (x86)Orbitdownloaderorbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:Program Files (x86)Orbitdownloaderorbitmxt.dll/202
O8 - Extra context menu item: ÔÚFoxmailÖÃÌüӸÃRSSƵµÀ/ƵµÀ×é - res://C:Windowssystem32fmrsslink.dll/201
O13 - Gopher Prefix:
O17 - HKLMSystemCCSServicesTcpip..{B9C05618-D87F-4C64-91F4-07529F7FEA6D}: NameServer = 12.183.0.2 12.183.1.4
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:Program FilesCommon FilesBitDefenderBitDefender Arrakis ServerbinArrakis3.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program Files (x86)Common FilesLightScribeLSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:Program FilesCommon FilesBitDefenderBitDefender Update Servicelivesrv.exe
O23 - Service: NMIndexingService - Nero AG - C:Program Files (x86)Common FilesNeroLibNMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:Windowssystem32nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:Windowssystem32oodag.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:Program FilesBitDefenderBitDefender 2009vsserv.exe
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
if somethings wrong, dont jsut tell me how to fix by downloading some program, tell me what is wrong plz.
i seen to many forums where 'x' is told to get the spysweeper and go away.
really annoying with dialup.
i have a feeling in the back of my mind that its bit defender updating 'in the background'. no such thing on dialup. kaspersky used to do that. tehy dont anymore cause i wont use crap that does that.
tick
i think i found my prob, after a rash of uninstalling and rebooting after each one, it was found to be NERO!!! nero 8 essentials, came with my asus board.
now i can use my internet connection again.
oh, and thats for that google reply...
it helped me absolutely NONE. i found all needed info from tcpview and process explorer. tho google did let me find the wiki page on llnw, and what thier major cousomers were, again, that was NO help.
now i can go back to installing stuff that werks