  #1  
06-15-2005, 02:44 PM
hoops_humphrey
OK, so I have a 1.5mb DSL connection and only get download speeds of 30-80 KB/s. I have contacted my ISP tech support and he had me run netstat and email the results to him. Tech support said I had a ton of malicious software and that is why my speeds were lacking. I have followed the instructions at the top of the board to a T w/out any improvement and now I am posting my HijackThis log. I am also posting the netstat results in case they are relevant. Upon running netstat again for this post I have noticed that I have reduced the number of entries there significantly; however, download speeds have not recovered. Any help would be greatly appreciated, I would really like to get what I am paying for from my internet connection.

!!!Edit--I decided to run netstat again about 5 min ago, tons of entries now!!! What is going on? Second results now posted.

Logfile of HijackThis v1.99.1
Scan saved at 1:39:06 PM, on 6/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\FlashFXP\flashfxp.exe
C:\Documents and Settings\Compaq_Owner\Desktop\Hijack this\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Sid Registration.lnk = E:\ATR1.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe







Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Compaq_Owner>netstat

Active Connections

Proto Local Address Foreign Address State
TCP Humphrey:1025 localhost:1170 ESTABLISHED
TCP Humphrey:1127 localhost:1128 ESTABLISHED
TCP Humphrey:1128 localhost:1127 ESTABLISHED
TCP Humphrey:1170 localhost:1025 ESTABLISHED
TCP Humphrey:1171 cs6.msg.dcn.yahoo.com:nntp ESTABLISHED
TCP Humphrey:1588 64.71.130.122:63985 ESTABLISHED
TCP Humphrey:1592 64.71.130.122:54364 ESTABLISHED




second log:
Active Connections

Proto Local Address Foreign Address State
TCP Humphrey:1025 localhost:1170 ESTABLISHED
TCP Humphrey:1025 localhost:1633 TIME_WAIT
TCP Humphrey:1025 localhost:1635 TIME_WAIT
TCP Humphrey:1025 localhost:1641 TIME_WAIT
TCP Humphrey:1025 localhost:1655 TIME_WAIT
TCP Humphrey:1025 localhost:1659 TIME_WAIT
TCP Humphrey:1025 localhost:1673 TIME_WAIT
TCP Humphrey:1025 localhost:1677 TIME_WAIT
TCP Humphrey:1025 localhost:1679 TIME_WAIT
TCP Humphrey:1025 localhost:1685 TIME_WAIT
TCP Humphrey:1025 localhost:1689 TIME_WAIT
TCP Humphrey:1025 localhost:1693 ESTABLISHED
TCP Humphrey:1127 localhost:1128 ESTABLISHED
TCP Humphrey:1128 localhost:1127 ESTABLISHED
TCP Humphrey:1170 localhost:1025 ESTABLISHED
TCP Humphrey:1637 localhost:1025 TIME_WAIT
TCP Humphrey:1639 localhost:1025 TIME_WAIT
TCP Humphrey:1642 localhost:1025 TIME_WAIT
TCP Humphrey:1645 localhost:1025 TIME_WAIT
TCP Humphrey:1647 localhost:1025 TIME_WAIT
TCP Humphrey:1649 localhost:1025 TIME_WAIT
TCP Humphrey:1651 localhost:1025 TIME_WAIT
TCP Humphrey:1652 localhost:1025 TIME_WAIT
TCP Humphrey:1661 localhost:1025 TIME_WAIT
TCP Humphrey:1663 localhost:1025 TIME_WAIT
TCP Humphrey:1667 localhost:1025 TIME_WAIT
TCP Humphrey:1669 localhost:1025 TIME_WAIT
TCP Humphrey:1671 localhost:1025 TIME_WAIT
TCP Humphrey:1675 localhost:1025 TIME_WAIT
TCP Humphrey:1681 localhost:1025 TIME_WAIT
TCP Humphrey:1683 localhost:1025 TIME_WAIT
TCP Humphrey:1686 localhost:1025 TIME_WAIT
TCP Humphrey:1691 localhost:1025 TIME_WAIT
TCP Humphrey:1693 localhost:1025 ESTABLISHED
TCP Humphrey:1171 cs6.msg.dcn.yahoo.com:nntp ESTABLISHED
TCP Humphrey:1588 64.71.130.122:63985 ESTABLISHED
TCP Humphrey:1592 64.71.130.122:54364 ESTABLISHED
TCP Humphrey:1643 209.10.215.36:http TIME_WAIT
TCP Humphrey:1646 65.164.242.200:http TIME_WAIT
TCP Humphrey:1653 209.10.215.36:http TIME_WAIT
TCP Humphrey:1658 www.blockbuster.com:http TIME_WAIT
TCP Humphrey:1662 209.10.215.36:http TIME_WAIT
TCP Humphrey:1666 servedby.advertising.com:http TIME_WAIT
TCP Humphrey:1670 209.10.215.36:http TIME_WAIT
TCP Humphrey:1687 view.atdmt.com:http TIME_WAIT
TCP Humphrey:1692 65.164.242.200:http TIME_WAIT
TCP Humphrey:1694 a1444.g.akamai.net:http ESTABLISHED


  #2  
06-15-2005, 02:57 PM
Mobo
Rescan once again now with hijack, insert a check next to each of the following then close all other open browser windows and click "fix checked"


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop



O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Install then launch it. Select each repair option then reboot afterwards and retry things out.
Then download this tool http://www.xp-smoker.com/downloads/xptcprep.exe

#3
06-15-2005, 04:08 PM
hoops_humphrey
OK, well, thanks for the fast reply. I ran HijackThis again, removed what you said to, used the tool two or three times, restarted, ran HijackThis again, looked good, however.....still no improvement in the dl speed. I've noticed that when I run netstat b/f I start my browser (Firefox) there are only 5 or so entries; however, after I start my browser and run it again there are tons. Anything further I can do?

#4
06-15-2005, 04:28 PM
Mobo
Is this only with Firefox? Try IE and see if the same situation exists.

#5
06-15-2005, 04:51 PM
hoops_humphrey
I guess the situation was a fluke or something. I have rebooted a couple of times but my netstat is just flooded w/ entries:


Active Connections

Proto Local Address Foreign Address State
TCP Humphrey:1025 localhost:1043 ESTABLISHED
TCP Humphrey:1025 localhost:1049 TIME_WAIT
TCP Humphrey:1025 localhost:1050 TIME_WAIT
TCP Humphrey:1025 localhost:1055 ESTABLISHED
TCP Humphrey:1025 localhost:1057 TIME_WAIT
TCP Humphrey:1025 localhost:1059 ESTABLISHED
TCP Humphrey:1025 localhost:1061 ESTABLISHED
TCP Humphrey:1025 localhost:1063 ESTABLISHED
TCP Humphrey:1025 localhost:1067 ESTABLISHED
TCP Humphrey:1025 localhost:1071 TIME_WAIT
TCP Humphrey:1025 localhost:1073 ESTABLISHED
TCP Humphrey:1025 localhost:1075 ESTABLISHED
TCP Humphrey:1025 localhost:1077 TIME_WAIT
TCP Humphrey:1025 localhost:1079 ESTABLISHED
TCP Humphrey:1025 localhost:1081 TIME_WAIT
TCP Humphrey:1025 localhost:1085 TIME_WAIT
TCP Humphrey:1025 localhost:1089 TIME_WAIT
TCP Humphrey:1041 localhost:1025 TIME_WAIT
TCP Humphrey:1043 localhost:1025 ESTABLISHED
TCP Humphrey:1055 localhost:1025 ESTABLISHED
TCP Humphrey:1059 localhost:1025 ESTABLISHED
TCP Humphrey:1061 localhost:1025 ESTABLISHED
TCP Humphrey:1063 localhost:1025 ESTABLISHED
TCP Humphrey:1067 localhost:1025 ESTABLISHED
TCP Humphrey:1073 localhost:1025 ESTABLISHED
TCP Humphrey:1075 localhost:1025 ESTABLISHED
TCP Humphrey:1079 localhost:1025 ESTABLISHED
TCP Humphrey:1044 205.188.8.100:5190 ESTABLISHED
TCP Humphrey:1056 oam:5190 ESTABLISHED
TCP Humphrey:1060 cdn:http ESTABLISHED
TCP Humphrey:1062 cdn:http ESTABLISHED
TCP Humphrey:1064 ar.atwola.com:http ESTABLISHED
TCP Humphrey:1068 cdn.digitalcity.com:http ESTABLISHED
TCP Humphrey:1074 cdn:http ESTABLISHED
TCP Humphrey:1076 cdn:http ESTABLISHED
TCP Humphrey:1080 pr.atwola.com:http ESTABLISHED

#6
06-15-2005, 04:56 PM
Mobo
Time to look for a possible backdoor trojan:

Download TDS-3 trojan scanner from http://tds.diamondcs.com.au/index.php?page=download

Then you will need to manually update it so follow the instructions given here
http://tds.diamondcs.com.au/index.php?page=update

Now open the program, pause until it's finished its mini test, then click system testing / full scan

If anything is found, right click and select delete to each when the scan completes itself.

#7
06-15-2005, 06:11 PM
hoops_humphrey
OK, well, thanks again for all of your help. So I updated and ran TDS3; it found a total of four objects, 3 w/ suspicious filenames. I think it is just because of the way they were named that it thought they had two extensions (example C:\hp\bin\python-2.2.1.exe), and the fourth it said was an adware dll, adware.minibug(dll). I deleted all four just to be safe. Sadly no download speed improvement. Next step?

#8
06-15-2005, 08:03 PM
Mobo
You do have what seems to be unnecessary connections there for sure. They don't appear to be adware though, so let's try something like installing a firewall like ZoneAlarm free version from http://download.zonelabs.com/bin/free/1012..._55_062_004.exe

Then when it starts, with the default settings, which are to ask for permission for outgoing connections, you should be able to see what's up and therefore possibly have a better idea.

#9
06-15-2005, 08:44 PM
hoops_humphrey
I am running Norton Internet Security 2005 and Personal Firewall; is this something I can configure there? I have played around w/ it already trying to fix this: did a program scan which detects all programs that access the internet, went through them all creating rules, didn't find much, except for one which was suspicious, Microsoft Betriebssystem, which I blocked but which did not improve performance.

#10
06-15-2005, 09:12 PM
hoops_humphrey
OK, so I played around w/ Norton a little more, then decided to just try ZoneAlarm in case I have already messed something up w/ Norton. Installed ZoneAlarm, allowed only instant messengers and Mozilla access so far, ran netstat and am just dumbfounded:
Active Connections

Proto Local Address Foreign Address State
TCP Humphrey:1025 localhost:1049 ESTABLISHED
TCP Humphrey:1025 localhost:1050 ESTABLISHED
TCP Humphrey:1025 localhost:1054 TIME_WAIT
TCP Humphrey:1025 localhost:1057 TIME_WAIT
TCP Humphrey:1025 localhost:1062 ESTABLISHED
TCP Humphrey:1025 localhost:1066 ESTABLISHED
TCP Humphrey:1025 localhost:1070 TIME_WAIT
TCP Humphrey:1025 localhost:1072 ESTABLISHED
TCP Humphrey:1025 localhost:1076 TIME_WAIT
TCP Humphrey:1025 localhost:1083 ESTABLISHED
TCP Humphrey:1025 localhost:1085 TIME_WAIT
TCP Humphrey:1025 localhost:1093 TIME_WAIT
TCP Humphrey:1025 localhost:1103 TIME_WAIT
TCP Humphrey:1025 localhost:1105 TIME_WAIT
TCP Humphrey:1025 localhost:1107 TIME_WAIT
TCP Humphrey:1025 localhost:kpop TIME_WAIT
TCP Humphrey:1025 localhost:1111 TIME_WAIT
TCP Humphrey:1025 localhost:1115 ESTABLISHED
TCP Humphrey:1025 localhost:1117 ESTABLISHED
TCP Humphrey:1025 localhost:1118 ESTABLISHED
TCP Humphrey:1025 localhost:1120 ESTABLISHED
TCP Humphrey:1025 localhost:1123 TIME_WAIT
TCP Humphrey:1025 localhost:1131 TIME_WAIT
TCP Humphrey:1025 localhost:1133 FIN_WAIT_2
TCP Humphrey:1025 localhost:1135 TIME_WAIT
TCP Humphrey:1025 localhost:1137 TIME_WAIT
TCP Humphrey:1025 localhost:1141 TIME_WAIT
TCP Humphrey:1025 localhost:1145 ESTABLISHED
TCP Humphrey:1025 localhost:1147 ESTABLISHED
TCP Humphrey:1025 localhost:1148 ESTABLISHED
TCP Humphrey:1025 localhost:1151 ESTABLISHED
TCP Humphrey:1025 localhost:1152 ESTABLISHED
TCP Humphrey:1025 localhost:1155 TIME_WAIT
TCP Humphrey:1025 localhost:1159 TIME_WAIT
TCP Humphrey:1025 localhost:1163 ESTABLISHED
TCP Humphrey:1025 localhost:1165 TIME_WAIT
TCP Humphrey:1046 localhost:1025 TIME_WAIT
TCP Humphrey:1049 localhost:1025 ESTABLISHED
TCP Humphrey:1050 localhost:1025 ESTABLISHED
TCP Humphrey:1062 localhost:1025 ESTABLISHED
TCP Humphrey:1066 localhost:1025 ESTABLISHED
TCP Humphrey:1072 localhost:1025 ESTABLISHED
TCP Humphrey:1078 localhost:1025 TIME_WAIT
TCP Humphrey:1083 localhost:1025 ESTABLISHED
TCP Humphrey:1097 localhost:1025 TIME_WAIT
TCP Humphrey:1115 localhost:1025 ESTABLISHED
TCP Humphrey:1117 localhost:1025 ESTABLISHED
TCP Humphrey:1118 localhost:1025 ESTABLISHED
TCP Humphrey:1120 localhost:1025 ESTABLISHED
TCP Humphrey:1125 localhost:1025 TIME_WAIT
TCP Humphrey:1126 localhost:1025 TIME_WAIT
TCP Humphrey:1129 localhost:1130 ESTABLISHED
TCP Humphrey:1130 localhost:1129 ESTABLISHED
TCP Humphrey:1133 localhost:1025 CLOSE_WAIT
TCP Humphrey:1139 localhost:1025 TIME_WAIT
TCP Humphrey:1143 localhost:1025 TIME_WAIT
TCP Humphrey:1145 localhost:1025 ESTABLISHED
TCP Humphrey:1147 localhost:1025 ESTABLISHED
TCP Humphrey:1148 localhost:1025 ESTABLISHED
TCP Humphrey:1151 localhost:1025 ESTABLISHED
TCP Humphrey:1152 localhost:1025 ESTABLISHED
TCP Humphrey:1157 localhost:1025 TIME_WAIT
TCP Humphrey:1163 localhost:1025 ESTABLISHED
TCP Humphrey:1167 localhost:1025 TIME_WAIT
TCP Humphrey:1169 localhost:1025 TIME_WAIT
TCP Humphrey:1171 localhost:1025 TIME_WAIT
TCP Humphrey:1051 205.188.8.100:5190 ESTABLISHED
TCP Humphrey:1056 scsa.msg.yahoo.com:nntp ESTABLISHED
TCP Humphrey:1063 oam-m03c.blue.aol.com:5190 ESTABLISHE
TCP Humphrey:1068 cdn:http TIME_WAIT
TCP Humphrey:1069 cdn:http ESTABLISHED
TCP Humphrey:1073 ar.atwola.com:http ESTABLISHED
TCP Humphrey:1084 cdn.digitalcity.com:http ESTABLISHED
TCP Humphrey:1088 cdn:http TIME_WAIT
TCP Humphrey:1090 cdn:http TIME_WAIT
TCP Humphrey:1092 aolwpaimdl.122.2o7.net:http TIME_WAIT
TCP Humphrey:1116 a1568.g.akamai.net:http ESTABLISHED
TCP Humphrey:1119 a1568.g.akamai.net:http ESTABLISHED
TCP Humphrey:1121 a1568.g.akamai.net:http ESTABLISHED
TCP Humphrey:1122 a1568.g.akamai.net:http ESTABLISHED
TCP Humphrey:1134 fxfeeds.mozilla.org:http CLOSE_WAIT
TCP Humphrey:1146 us.js1.yimg.com:http ESTABLISHED
TCP Humphrey:1149 us.i1.yimg.com:http ESTABLISHED
TCP Humphrey:1150 us.i1.yimg.com:http ESTABLISHED
TCP Humphrey:1153 us.a1.yimg.com:http ESTABLISHED
TCP Humphrey:1154 us.a1.yimg.com:http ESTABLISHED
TCP Humphrey:1164 img:http ESTABLISHED
TCP Humphrey:1168 bc.us.yahoo.com:http TIME_WAIT
TCP Humphrey:1170 bc.us.yahoo.com:http TIME_WAIT
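
An added example, not part of any post in this thread: a small Python triage of plain `netstat` output in the flattened layout shown above. It collapses the two rows that each loopback connection produces, flags local ports that many loopback peers share, and tallies the remaining external endpoints by state. The function names and the `hub_min` threshold are assumptions of this sketch; the sample rows are copied from the last listing in the thread.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# Rows copied from the last netstat listing in the thread (a subset), including
# the one whose state column was cut off by the console width ("ESTABLISHE").
SAMPLE = """\
Proto Local Address Foreign Address State
TCP Humphrey:1025 localhost:1049 ESTABLISHED
TCP Humphrey:1025 localhost:1054 TIME_WAIT
TCP Humphrey:1025 localhost:1062 ESTABLISHED
TCP Humphrey:1049 localhost:1025 ESTABLISHED
TCP Humphrey:1062 localhost:1025 ESTABLISHED
TCP Humphrey:1129 localhost:1130 ESTABLISHED
TCP Humphrey:1130 localhost:1129 ESTABLISHED
TCP Humphrey:1051 205.188.8.100:5190 ESTABLISHED
TCP Humphrey:1063 oam-m03c.blue.aol.com:5190 ESTABLISHE
TCP Humphrey:1069 cdn:http ESTABLISHED
TCP Humphrey:1134 fxfeeds.mozilla.org:http CLOSE_WAIT
TCP Humphrey:1168 bc.us.yahoo.com:http TIME_WAIT
TCP Humphrey:1170 bc.us.yahoo.com:http TIME_WAIT
"""

STATES = ("LISTENING", "SYN_SENT", "SYN_RECEIVED", "ESTABLISHED", "FIN_WAIT_1",
          "FIN_WAIT_2", "CLOSE_WAIT", "CLOSING", "LAST_ACK", "TIME_WAIT")

# Plain `netstat` (no switches) lists TCP connections only, one per row.
ROW = re.compile(r"^\s*(TCP)\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)\s*$")


class Conn(NamedTuple):
    proto: str
    lhost: str
    lport: str
    rhost: str
    rport: str
    state: str


def norm_state(state):
    """Expand a truncated state name when exactly one known state matches."""
    hits = [s for s in STATES if s.startswith(state)]
    return hits[0] if len(hits) == 1 else state


def parse(text):
    """Return one Conn per connection row; banner and header lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, lh, lp, rh, rp, st = m.groups()
            conns.append(Conn(proto, lh, lp, rh, rp, norm_state(st)))
    return conns


def triage(conns, hub_min=3):
    """Split rows into loopback and external traffic and summarise each."""
    local = {"localhost", "127.0.0.1"} | {c.lhost.lower() for c in conns}
    pairs, external, loop_rows = set(), defaultdict(Counter), 0
    for c in conns:
        if c.rhost.lower() in local:
            loop_rows += 1
            # A loopback connection is listed once per endpoint that still
            # holds state, so the unordered port pair identifies it.
            pairs.add(frozenset((c.lport, c.rport)))
        else:
            external[f"{c.rhost}:{c.rport}"][c.state] += 1
    # A port taking part in many distinct loopback connections is a local
    # listener (some local service or proxy), not many separate programs.
    fan_in = Counter(port for pair in pairs for port in pair)
    return {
        "rows": len(conns),
        "loopback_rows": loop_rows,
        "loopback_connections": len(pairs),
        "hub_ports": {p: n for p, n in fan_in.items() if n >= hub_min},
        "external": {ep: dict(states) for ep, states in external.items()},
    }


if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```

`netstat -ano` adds an owning-PID column to each row, which is what ties a hub port to a process; the row pattern here would need that extra column.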