Recommended Posts

I been all over this trying to figure out the problem. The problem is that my network been slow for no reason. I already ran a few speed test it it is at 5mbps down and .4 mbps up. And I ran a ping test by using pingtest.net and found nothing wrong there, it all stable and showing normal, like 16ms latency, 2ms jittery with no packet loss. It just felt something is wrong because my Firefox couldn't load the page, I have to click try again 3 times to get the page loading. Last year it wasn't that bad, only have that error like 5 times a day, but now it increased to 100 times a day and it really annoy the heck out of me. I thought it was a DNS issue, so I switched to OpenDNS and it still having the same problem. I check with Chrome, it reported the same problem. What make it worse, recently, a few pages stop loading images for some reason. I already scanned myself for spyware and virus and the result said I am clean, I am not using any program that taking all of my bandwidth, even I don't have my torrent on yet. Only thing that is actively using my bandwidth is my firefox. And I already clean out my cache, I set my cache to be clean out everytime my Firefox close down. I'm using two Firefox, a 3.6 and 4.0b6, they both have the same problem. so basically all my web browser is having the same problem. Is there something that ATT is throbbing my network? And I rarely use my torrent, it been a while since I used it i would say like 2 months ago.

Link to post
Share on other sites

They test anything on the modem and they said that the result is showing all system ok. then why do I keep getting a "Page cannot display" every 5 min and it always 4th reload to get the page reload. there is one more problem, I didn't realized the account holder (I already asked her permission to let me speak for her for network and she granted everything to me) that she brought the modem from ATT, didnt rent. so If the the tech show up and said it the modem, she have to cough up 80 bucks to replace the modem. I told her that she brought the modem, didnt rent it. She told me that she didnt got a choice and have to buy a modem. If they say they tested the modem and it showing everything is fine, then what am I gotta do with the problem? Im showing all unstable latency (a problem for me if i am playing a MMO which happen often -_- ) and my cache is already cleared and i already flushed my dns, and it still having the same problem. my Ubuntu box reporting the same problem. I already told ATT Level 2 tech support about this and they said my modem is showing no problem

Link to post
Share on other sites

Well, if you know anybody else that has an AT&T Modem, borrow it. If the modem is bad and she bought it, then she will have to buy another one anyways or stay with the slowness. Can you post a MBAM and a HJT log and let somebody look at it please. Do the logs in the Malware section.

Edited by MrBill
Link to post
Share on other sites

Well, if you know anybody else that has an AT&T Modem, borrow it. If the modem is bad and she bought it, then she will have to buy another one anyways or stay with the slowness. Can you post a MBAM and a HJT log and let somebody look at it please. Do the logs in the Malware section.

Interesting thing going on. After updating my Ubuntu 9.10 (haven't used it for a month), the problem didn't affect my Ubuntu, everything is fine and load really quickly, all image loaded as it was suppose to. There is no "page cannot display" error at all. And my Ubuntu able to see my networked printer just fine (without HP driver, tired to use their driver but the script file that they provided refused to work for some reason) and I am able to print just fine. So that would mean it point to my XP is the main problem. That mean something going on in my XP is slowing down? I already post the HJT log and no one is replying to it, so I would assume that there is no problem? The other way is to clean install XP? and hopefully that would solve the problem?

Link to post
Share on other sites

I'll leave it to the besttechie malware team to interpret your log. Just posting this reply because it was requested that I look over your log for you.

Did you install this ? C:\Program Files\Everything\Everything.exe

They will need to know if it is the search tool that replaces windows search, or the social networking manager, or if it is the virus you get from an email.

Wait a minute: You are running proxy software C:\Program Files\Growl for Windows\Growl.exe and wonder why your Internet is slow?????

http://www.growlforwindows.com/gfw/help/proxy.aspx

And you are running a beta version of firefox ?

Unless you are a software author trying to debug drivers or programs you have written yourself this is unneeded

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Go to control panel => system => advanced => startup and recovery => settings

Change "Write debugging information" to "NONE" , apply and apply and ok and restart computer.

Do you know what triggered DR Watson? O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

Need to clear this up.

And you are running everything in the sandbox? No wonder you are slow

O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

Link to post
Share on other sites
I'll leave it to the besttechie malware team to interpret your log. Just posting this reply because it was requested that I look over your log for you.

Did you install this ? C:\Program Files\Everything\Everything.exe

They will need to know if it is the search tool that replaces windows search, or the social networking manager, or if it is the virus you get from an email.

I use Everything for my window searching tools. It was with me for a long time before the problem occur and it have no access to network because I don't use it for network searching.

Wait a minute: You are running proxy software C:\Program Files\Growl for Windows\Growl.exe and wonder why your Internet is slow?????

http://www.growlforwindows.com/gfw/help/proxy.aspx

I use Growl for Window for my Android Notifier, which mean my android phone got any form of message will send through the network to my computer then Growl will display what kind of message I am getting on my phone. Again, I recently installed Growl last month. the problem occurred last year. So I would doubt Growl for Window have something to do with it

And you are running a beta version of firefox ?

I just using the Firefox Beta version last week. so Again, I compare the speed between 3.6 (stable version) and 4.0B6, the beta one is more responsive but still plague with the network slowness.

Unless you are a software author trying to debug drivers or programs you have written yourself this is unneeded

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Go to control panel => system => advanced => startup and recovery => settings

Change "Write debugging information" to "NONE" , apply and apply and ok and restart computer.

Nope, I'm not a software author and I just put the setting to none

Do you know what triggered DR Watson? O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

Need to clear this up.

I have no clue what is going on with Dr Watson, I noticed it pop up on my process list very often times to times. I kept wondering is there something going on in my computer what would fire up Dr Watson? I checked the event viewer that have something to do with Dr. Watson and there is no log about it. But yes, I noticed it did pop up from times to times for no reason. And I don't know what trigger it

And you are running everything in the sandbox? No wonder you are slow

O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

How can Sandboxie affect my network? I use it so rarely. In fact, I never use Sandboxie for my Firefox, I am not that paranoid heh :matrix: I only use Sandboxie to open program that I never heard a company from. The last time I use Sandboxie was like.... 5 months ago. I already disabled Sandboxie month ago because I rarely use it (no auto start up), and I wonder why HJT show Sandboxie is running. I already check the task manager and it not even there

Link to post
Share on other sites

Disable dr watson. If the error that caused it to launch re occurs it will launch again as needed

http://support.microsoft.com/kb/188296

How can Sandboxie affect my network? I use it so rarely. In fact, I never use Sandboxie for my Firefox, I am not that paranoid heh I only use Sandboxie to open program that I never heard a company from. The last time I use Sandboxie was like.... 5 months ago. I already disabled Sandboxie month ago because I rarely use it (no auto start up), and I wonder why HJT show Sandboxie is running. I already check the task manager and it not even there

Apparrently you did not disable it completely or the service would not be running. Go to start / run and type

services.msc

hit enter

locate

Sandboxie Service (SbieSvc)

Double click it,

Click "Stop service"

Click the dropdown and change startup behavior to disabled.

So that is the legit (safe) version of everything.exe the windows search not the virus. That is good to know.

And Growl is acting as a proxy for the android (android notifier) so that should not affect your network.

Are all computers on the network affected or just one?

Is it a wired or wireless network? If wired, check / change cables. If wireless change the channel to see if maybe there is a problem with a neighbor using the same channel as you are.\

Link to post
Share on other sites
Disable dr watson. If the error that caused it to launch re occurs it will launch again as needed

http://support.microsoft.com/kb/188296

Disabled

Apparrently you did not disable it completely or the service would not be running.

I forgot about the services. and I got that disabled along with the startup disabled as well.

Are all computers on the network affected or just one?

Is it a wired or wireless network? If wired, check / change cables. If wireless change the channel to see if maybe there is a problem with a neighbor using the same channel as you are.

I did asked my roommate about it. She say that she didn't noticed the difference and Don't have that problem. Like I said, My Ubuntu (installed in the same XP box) is not affected with the problem. So again it pointed to XP partition, something going on in XP that is having a problem. I remember back in original XP, there were reports that there is a problem with TCP/IP stack that have this similar problem and SP1/SP2 suppose to fix the problem. Possible it is that? And I already changed the network cable many times, it not the network cable. it somewhere between the internet and the keyboard (hopefully you know what that mean =-) )

Link to post
Share on other sites

Is it a wired or wireless network? If wired, check / change cables. If wireless change the channel to see if maybe there is a problem with a neighbor using the same channel as you are.

I did asked my roommate about it. She say that she didn't noticed the difference and Don't have that problem. Like I said, My Ubuntu (installed in the same XP box) is not affected with the problem. So again it pointed to XP partition, something going on in XP that is having a problem. I remember back in original XP, there were reports that there is a problem with TCP/IP stack that have this similar problem and SP1/SP2 suppose to fix the problem. Possible it is that? And I already changed the network cable many times, it not the network cable. it somewhere between the internet and the keyboard (hopefully you know what that mean =-) )

Okay, good troubleshooting there.

If it were a problem with the TCP/IP stack it should show in Hijackthis as a 010 or 018 or 017 entry ( a change to the LSP or HTML filters or TCP/IP stack)

Nothing in your log indicates that; but if you want to run Winsockfix go ahead

http://majorgeeks.com/WinSock_XP_Fix_d4372.html

http://www.home-network-help.com/winsockfix.html

Lets see, what version of Eraser do you have? There was an issue with an older version of it. So you may want to uninstall it and install the newest version.

Have you checked in task manager / process viewer to see if there is an instance of svchost.exe that is using a lot of cpu cycles and/or ram? If so it generally points to an automatic updater (an antivirus updater, google updater...) that is jammed. Disable all automatic updaters (Including changing windows update to manual) restart the pc and then manually update each thing (your antivirus, google, acrobat reader, flash player....go to secunia software inspector and run and check for older vulnerable versions of applications which need to be patched or removed and replaced with the new version).

As I mentioned earlier, sandboxie is running . Look in the list of running processes

C:\Program Files\Sandboxie\SbieSvc.exe

this could be the source of your problems.

Have you tried a "Clean boot" or safe mode with networking?

http://support.microsoft.com/default.aspx?scid=kb;en-us;316434

this will identify if it is windows or an application that is running that causes the problem.

Note that while tcpsvcs.exe is a valid file name, if it is using an abnormally high number of cpu cycles or you have other indications of an infection it may have been replaced by a trojan.

http://www.symantec.com/security_response/writeup.jsp?docid=2002-021121-4532-99&tabid=2

for example.

Scan with MBAM if you have not yet done so. (ah, I see you did so that rules that out).

Link to post
Share on other sites
Lets see, what version of Eraser do you have? There was an issue with an older version of it. So you may want to uninstall it and install the newest version.

Already installed a new version of Eraser

Have you checked in task manager / process viewer to see if there is an instance of svchost.exe that is using a lot of cpu cycles and/or ram? If so it generally points to an automatic updater (an antivirus updater, google updater...) that is jammed. Disable all automatic updaters (Including changing windows update to manual) restart the pc and then manually update each thing (your antivirus, google, acrobat reader, flash player....go to secunia software inspector and run and check for older vulnerable versions of applications which need to be patched or removed and replaced with the new version).

Checked that and al are updated. I forgot to run the Window Update once in a while and it all patched up. and ran it again and all dectected good. one thing I noticed in my task manager, why do I have 10 svchost.eve running? 6 months ago, I used to have only 4 svchost.exe running and now it got to.... 10!

As I mentioned earlier, sandboxie is running . Look in the list of running processes

C:\Program Files\Sandboxie\SbieSvc.exe

this could be the source of your problems.

Sandboxie is already disabled, it no longer running in my process list for a long long time (I already disabled the services as you asked me to) and I uninstalled it.

Have you tried a "Clean boot" or safe mode with networking?

http://support.microsoft.com/default.aspx?scid=kb;en-us;316434

this will identify if it is windows or an application that is running that causes the problem.

One problem, I am unable to go to safe mode for some reason. I believed the mup.sys is corrupted or gone. because It stop at mup.sys and restarted for no reason. So basically I can't get to safe mode if mup.sys is not working. I believe when i got to safe mode one time, it was loading all of those .sys file and then there was a power cut off in the middle of safe mode booting, ever since then, Safe mode is unable to run, even with networking and cmd prompt. that was like last year. can my XP CD repair the issue? I know it able to repair Window itself but not sure if it can repair safe mode. it is the real XP cd, not those recovery CD.

Note that while tcpsvcs.exe is a valid file name, if it is using an abnormally high number of cpu cycles or you have other indications of an infection it may have been replaced by a trojan.

http://www.symantec.com/security_response/writeup.jsp?docid=2002-021121-4532-99&tabid=2

for example.

Scan with MBAM if you have not yet done so. (ah, I see you did so that rules that out).

that process is not showing anything weird, so doubt I have any trojans. And I already ran McAfee Stinger to make sure and it found nothing.

Link to post
Share on other sites

When you get an error on mup.sys it is not mup.sys that has a problem; rather it is the driver that is scheduled to load right after mup.sys.

If you haven't done so you may want to remove the drivers for the network adapter you are using and then reboot so it is redetected and the driver reloaded. It could also be that you have an incorrect driver for it installed.

Could be one of the generic drivers got damaged, go to start / run and type

sfc /scannow

(note space after sfc , and before /scannow)

hit enter

It may prompt for you windows install cd if it finds a missing or damaged system file and there is no backup version saved on the hard drive.

If so , pup it in when prompted.

If it says it is unable to replace a file because it is in use, hit retry a couple times . If still unable, note what file and then click ignore/skip . It will find it again if you run it again.

Link to post
Share on other sites

Could be one of the generic drivers got damaged, go to start / run and type

sfc /scannow

(note space after sfc , and before /scannow)

hit enter

It may prompt for you windows install cd if it finds a missing or damaged system file and there is no backup version saved on the hard drive.

If so , pup it in when prompted.

Done that when I suspected a possible corrupted system file two weeks ago. the SFC didn't detect the problem.

Lately my computer starting to have problem like Standby mode, the processor is still running (fans still running) which that is not right because in the past, if I put it on standby mode, the processor would power down and fan is turn off. So from that point, I decided to do a clean install. It is not a big deal for me because almost all important files is in one folder, so easier for me to create a backup. I went on my Ubuntu and mount the NTFS partition and transfer that folder to my Ubuntu partition. then start to Clean install on the NTFS partition. Everything work so well so far, the network problem seem go away, and finally my computer can see the networked printer and installed the driver for it. It appeared that there must be a rogue software in my computer preventing it. So far, Clean install fixed the problem and I become a happy camper now.

Thank you for helping me with everything. It appeared that solution and solution did not work. one of the reason why I decided to clean install. And now everything is fine. and Im a happy camper. Thank so much for helping me

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...