HJT Log
CoachB22
06-02-2004, 11:09 PM
I use AOL as an ISP. Right after sign-on things work quite quickly but slow down considerably after just a few minutes of surfing. I've run Spybot, Ad-Aware, Norton AV, and an online virus scan but still have problems. Would you folks look over my HiJackThis log and advise of any problems??
Thanks!!
PrntRhd
06-02-2004, 11:20 PM
Hey CoachB22,
It is better to post the HJT log in plain text from notepad so we all can see it. Divide it into reply posts until you get it all posted if it is too large for one post.
Edit: You need to do Windows Updates for one thing, no SP1 for IE 6?
Are you on dialup or broadband?
CoachB22
06-03-2004, 08:46 AM
Thanks for the suggestion on HJT Log. I'll re-post in plain text when I get home. It isn't a large log compared to some I've seen on here.
I am on dial-up service; can't justify broadband although it sure looks sexy.
I've downloaded SP1 but it won't install. I've downloaded and installed all applicable patches/fixes/updates from Microsoft...some requiring overnight downloads. Other than the slow internet service, things seem to be running well. Is SP1 really a must?
PrntRhd
06-03-2004, 10:39 AM
Yes, there is a link here somewhere about a Microsoft Security disk (free including shipping) that has most patches and SPs up to Feb 2004. It helps load SPs vs dialup.
I used to have AOL dialup too and your slow connection problem can be caused by slow AOL DNS servers and dirty phone lines. You would have to ping the AOL server, Yahoo, Google sites, and screen print the response times to know for certain.
CoachB22
06-03-2004, 10:43 PM
Ok here is the HJT Log in text.
Logfile of HijackThis v1.97.7
Scan saved at 10:04:28 PM, on 6/2/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
E:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
E:\WINDOWS\wanmpsvc.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\America Online 9.0\aoltray.exe
E:\WINDOWS\system32\NT_USDM.exe
E:\Documents and Settings\Dad\My Documents\HijackThis.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] E:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] E:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QD FastAndSafe] E:\PROGRA~1\NORTON~1\NORTON~3\QDCSFS.exe /scheduler
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - Startup: NT_USDM.LNK = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = E:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Ereg.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38137.7719444444
Budfred
06-03-2004, 11:13 PM
Your log looks clean... The only obvious option left is to run a trojan scan. TrojanHunter's trial version may be your best bet....
http://www.trojanhunter.com/
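An added example, not part of the thread and not HijackThis's own code: a small Python parser for the log layout posted above. It splits the header, the process list and the O-numbered entries, then pairs each startup shortcut whose target shows as "?" with a running process of the same base name. The function names are hypothetical, the sample is an excerpt of the posted log, and reading "= ?" as "target not resolved" is an assumption.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\NT_USDM.exe
E:\Documents and Settings\Dad\My Documents\HijackThis.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] E:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - Startup: NT_USDM.LNK = ?
O4 - Global Startup: Ereg.lnk = ?
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O4 - HKLM\..\Run: ..."
HEADER = re.compile(r"^(Platform|MSIE): (.*)$")     # version lines worth keeping

def parse_hjt(text):
    """Split a HijackThis log into header fields, processes and entries by code."""
    log = {"header": {}, "processes": [], "entries": defaultdict(list)}
    in_procs = False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        entry, header = ENTRY.match(line), HEADER.match(line)
        if entry:
            in_procs = False                         # entries end the process list
            log["entries"][entry.group(1)].append(entry.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            log["processes"].append(line)
        elif header:
            log["header"][header.group(1)] = header.group(2)
    return log

def unresolved_startups(log):
    """Map each O4 shortcut shown as '= ?' to a running process with the same
    base name, or None. This is a review aid, not a verdict on the entry."""
    procs = {ntpath.splitext(ntpath.basename(p))[0].lower(): p
             for p in log["processes"]}
    found = {}
    for item in log["entries"].get("O4", []):
        m = re.match(r"^(?:Global )?Startup: (.+?)\.lnk = \?$", item, re.I)
        if m:
            found[m.group(1)] = procs.get(m.group(1).lower())
    return found
```
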
classicsoftware
06-03-2004, 11:27 PM
You will also need to run Windows update as you are out of date on the OS and the browser.
PrntRhd
06-03-2004, 11:30 PM
Yep, I told CoachB22 that yesterday.
:)
Budfred
06-03-2004, 11:34 PM
Edit... I really need to get to sleep at a reasonable hour... I am getting all of these mixed up.... Anyway, what I said about trojan scan... go with that....
PrntRhd
06-04-2004, 01:09 AM
Budfred, I was referring to classicsoftware's post, you are always welcome to jump in any time.
CoachB22, Here is the MS Security disk thread (http://www.pcguide.com/vb/showthread.php?s=&threadid=28145).
:)
Budfred
06-04-2004, 11:24 PM
PrntRhd,
I got that, but I was babbling about something else, I have been staying up too late trying to catch up on posts on 3 forums and I just lost track for a little bit there... Sorry for the confusion...
CoachB22
06-05-2004, 11:40 AM
MS CD's ordered and on the way! Got the Office XP while I was there.
There definitely seems to be something running in the background when I'm surfing. I will sometimes see "Connecting to Site" when I shouldn't be. Could it just be Norton AV LiveUpdate checking for new stuff?? That is the only thing I know I've got auto-checking.
I appreciate all of the help so far. I'll let you know how long the CD's take to arrive....and their effect.
CoachB
Budfred
06-05-2004, 04:13 PM
Did you also run TrojanHunter???
CoachB22
06-05-2004, 10:14 PM
Budfred,
I tried downloading TrojanHunter this afternoon. The DL progress bar initially indicated ~30 minutes to download 5.39 MB. After a couple of minutes estimated time had gone to ~45 min, then 1 hour 5, then 1 hour 20, finally after about 15 minutes it seemed to top out at 1 hour 57 minutes.
I'll try late tonight when the teenagers won't whine about tying up the phone line! BTW, I have a ZOOM external modem USB. Could it be on the way out??
Thanks!
CoachB
Budfred
06-05-2004, 11:16 PM
It sounds like you have dialup and that is just slow... If the modem were failing, it would usually not work at all... It is possible that any malware remaining on your system could be slowing things down... The change in estimated time to complete a download is not unusual as the system calculates how fast your modem is rated and then how fast it is actually working....
CoachB22
06-06-2004, 11:20 AM
Budfred,
Thanks for confirming what I understood about DL estimated times....they change as the program gets "better info".
I tried DL TrojanHunter again late last night. Started off DL'ing at ~5KB/sec. By the time AOL disconnected, speed was down to 800 BYTES/sec. Took about 30 minutes to reach that point. That isn't normal is it???
I have another issue that may have some bearing on this problem. Permit me to run it by you. I have an Epox 8KHA+ mobo. There are two capacitors near the PSU connector that are bulging. I've already started looking for a replacement (Abit NF7 ??). Could those caps be affecting USB function??
If I could keep things working as they do in the first 5 minutes or so, I would be perfectly happy.
CoachB
Budfred
06-06-2004, 12:08 PM
Yep, those bulging capacitors have a few threads devoted to them here.... You will need to get that motherboard replaced ASAP and I would urge you to talk to Epox about getting a new board or refund on the board you have... They used faulty capacitors which caused the problem. Do a search here for more info about bad capacitors.
You can try an online trojan scan to see if that is an issue:
http://scan.sygatetech.com/pretrojanscan.html
CoachB22
06-10-2004, 03:14 PM
BudFred and Others,
Thanks for all of your advice and suggestions. FINALLY able to run TrojanHunter on this system....came up clean. Bulging capacitors are looking mighty guilty!
Contacted Epox about repair/replacement. They will replace the two bulging caps for $15 plus shipping. I figure $10 for shipping so I get two new caps for $25 dollars and a board full of others waiting their turn to blow. (Epox oxymoron = Customer Service)
SO....now looking for a good price on an ABIT NF-7 (been craving that PCI/AGP lock anyway).
Thanks again,
CoachB
Budfred
06-10-2004, 06:46 PM
Not only will the others eventually go, but there is a good chance that you will destroy the board replacing the two you get from them... I urge you to make as much fuss as you can tolerate... They bought cheap capacitors that were essentially bootleg and their customers pay... NOT fair at all... You might want to do some searching on the web to see if there are any class actions against them for this... They should be offering you a free board replacement... :mad: :mad: End rant............