Mysteriously slow internet on one computer

Status
Not open for further replies.

shoenberg3

Solid State Member
Messages
14
Hello,
I have a cable connection. I have two computers connected by direct cable cable and another by wireless connection. Out of these, one of the former suddenly started to have slow internet. Few points that may be significant:
1) The two other computers (cable and wireless) are completley fine.
2) THe computer in question has run a lot of spyware/virus removal programs and removed a lot (and hopefully only) malicious files.
3) It is extremely slow to load a new website. Startup of firefox/aim is also very slow. Curiously though, once on the website, browsing within it is fast as it should be.
Thank you for your help.

ps a more minor annoyance but on my firefox tools->options->network->settings, the default setting is at "manual proxy configuration," in which I have manually change it to 'direct connection to internet" everytime I open firefox. I can never set this setting to stay in effect.
 
I hope you have anti virus on the computer, if so, has anything in that reguard changed? Something we see alot is virus scanners trying to scan network drives, makes for slow loading.

Run hijack this, and compare it against HijackThis Logfileauswertung

that will flag anything known bad, and anything unknown.

Your on the right track though, if other computers seem fine, its probably software on the slow computer. If nothing else, download an app thatll show you a detailed view of real time usage for both network and process;s locally on that computer.
 
Out of curiosity, what are the spec's on that computer? How much memory? What programs are already running in the background when you try to launch the apps that seem to take a while to load??
 
Thanks for your help.

Ironically, the problematic computer is by far the best spec'ed computer (e6700 2gb 7900gs).

Here is another anomaly. The internet on it sometimes (maybe 25 percent of time) returns to normal, while in the rest, it is bleedingly slow.

Winsox seemed to help at beginning but then it went back to slowness after 10 min of browsing or so.
 
That system maybe infected by malwares. You may also try clearing the DNS by doing the following:

Start-->Run, type in CMD to bring up command prompt. At the C: prompt, type in "ipconfig /flushdns" without the quotes and hit enter.
 
Here is my log. Hmm.. I suspect some problem with that ping.exe

Logfile of HijackThis v1.99.1
Scan saved at 11:21:22 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hotaik\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoomail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {37660E57-ECDB-498A-B45B-040FC3290454} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lhls] "C:\WINDOWS\system32\RACLE~1\ping.exe" -vt yazb
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177283621374
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: jkkiifd - jkkiifd.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rvhsmkos.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
 
OK another thing to note. The internet is normal right after start-up, but slows suddenly after few seconds, which suggests me something is obstructing not necessarily that the connection itself is problematic.

From the hijackthis, i fixed ping.exe but the last entry (DiRT) refuses to go away. (after fixing, another scan reveals it's still running but 'file is missing')
I suspect this one most, because from my dim memory it seems like the day my internet started acting up seems to be close to the day I installed this game..
 
Did you purchase your DiRT from a store, or did you download it from somewhere? Are you running a Proxy for anything?

Go Control Panel-->Administrative Tools-->Services and check if there's any Service(s) that relates or corresponds to DiRT, if so, stop and disable them. Also, look for "Messenger", "Netmeeting", "Remote Desktop Access", "Remote Registry Manipulation", "Task Scheduller", "System Restore", "TCP/IP NetBIOS Helper", "Telnet". Stop and disable all of them under General and Logon tabs.

Reboot into Safe Mode without Networking. Open TaskManager and look for these entries: jkhfg.dll; ping.exe; rundll32.exe; conime.exe; msgrgr.exe. If find any of the above, right click it and select End Process Tree. Run HJT scan and check the following entry to Fix:

O2 - BHO: (no name) - {37660E57-ECDB-498A-B45B-040FC3290454} - C:\WINDOWS\system32\jkhfg.dll (file missing)

Pls make sure all other windows are closed before doing so. Once finished, close HJT. Now go Control Panel-->Folder Options, click on View tab, select "Show hidden files and folders", untick "Hide extensions for known file types" and "Hide protected operating system files". Next, search and delete this file: C:\WINDOWS\system32\jkhfg.dll

Once done, select "Hide hidden files and folders" and check "Hide extensions for known file types" and "Hide protected operating system files". Go here https://europe.f-secure.com/exclude/blacklight/fsbl.exe to download F-Secure's Blacklight Anti-Rootkit. Let it finish scan. If found, delete then reboot normally. If not, just reboot. Now run WinSockFix again, reboot normally. Go Start-->Run, bring up Command Prompt. At C:\ type in "ipconfig /flushdns" without the quotes hit enter, that clears your DNS. Then type "ipconfig /release" followed by "ipconfig /renew". Type exit to close the CMD box. Now run a fresh HJT Scan & Save Log, post it back.
 
Status
Not open for further replies.
Back
Top Bottom