system really not very happy... network settings a complete mess..

Discussion in 'other security issues & news' started by webyourbusiness, Feb 10, 2005.

Thread Status:
Not open for further replies.
  1. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I have a system I'm trying to clean up - this is a windows XP-SP2 machine with TONS of applications on it.... its first symptoms were slow logon and slow logoff - these got worse and after removing several applications, the startup was followed by long periods of time when it could not connect to network resources.

    I began by running ccleaner and cleaning up a lot of junk lying around, this did not fix the network connection problems after logging onto the machine - so I figured I'd run the winsock repair utility - this made things worse - it hung during the "Resetting TCP Parameters with Netshell" - and had to be forcibly quit using task manager... now the machine can't access anything network related, and windows firewall won't start, NOD32's IMON won't start, and attempting to open the network control panel results in the machine hanging - any help would be VERY gratefully received at this point...

    cheers

    GHL
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    First go to safe mode/then click start/control panel/network internet connections/network connections/local area connection. right click local area connection and then click repair.


    if you can accomplish this without being in safe mode it would be better, but if not try safe mode.

    bigc
     
  3. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    this is really odd... I've killed off a couple of extra svchost processes and then was able to get into the network properties - so I setup a static internal IP and was able to restart - again, no windows firewall and control panel hangs if I try to get into network - so does IE - but Mozilla works fine...

    attempting your last suggestion...
     
  4. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I can't repair the connection - it's already working - and repair chokes saying it's already registered with a dns server?!?

    ok - now I have:

    mozilla firefox works fine
    windows firewall won't open - unidentified error cited as the problem
    Eudora hangs
    NOD32 updates off the internal mirror fine (using a name - not a static IP)
    internet exploder won't fire up...
    pings run fine from the dos prompt
    ssh works fine to internal and external machines
    leapftp opens and connects to machines fine...

    oh... explorer on the machine itself seems slower than I care to mention....


    ideas anyone?
     
  5. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi webyourbusiness,

    Do you see any related errors in your event logs? Do you see any services in your services control panel that are set to automatic but not running?

    Nick
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Have you tried:

    Start>Run>CMD>ipconfig /release

    Start>Run>CMD>ipconfig /renew

    and also Winsock Repair as found at the bottom of General Cleaning.

    Cheers :D
     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada


    the ip is hard set on a private range - 10.0.0.30 and the gateway, netmask and nameservers are also hard set...

    I tried the winsock repair and it hung - I had to kill it off using process manager....
     
  8. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada

    I'm a *nix person - pc's only because of necessity - can you define "event logs" for me in a little more detail please?


    in services.msc - I see a number of "manual" processes that are started, but none that are automatic and not running...


    this is the really odd thing... I'm actually on the problem machine now... it seems like it struggles for about 15 minutes to get something running, then IE and all the other things that would not work, begin working... I'm typing into an IE window now... and the XP firewall now appears....

    hmmmm..
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Open Control Panel and look for and open Administrative Tools. There you can open Event Viewer and look at your system and application logs.

    Nick
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  11. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    The above sounds symptomatic of page file thrashing. You probably have too many background processes (likely including a vast amount of spyware/adware/malware) which are all competing for memory and causing the OS to thrash virtual memory pages back and forth.

    As a first step, I would be curious to know two things: 1) how much physical memory and virtual memory you have, and 2) how many active processes are attempting to run. The easiest way to determine both is to run "taskmgr" (Start | Run | taskmgr, or CTRL+SHIFT+ESC, or CTRL+ALT+DEL). On the Performance tab note Total Physical Memory and Available Physical Memory (also note PF Usage graph, or Total / Limit / Peak Commit Charge values). Next, switch to the Process tab and note how many active processes are running (status line at bottom gives a quick total as well as the total commit charge and limit commit charge values here also). On XP SP2, you really shouldn't have a need for more than, say, 30-35 active processes (although this is clearly dependent upon what background add-ons and active programs you choose to run). On my XP Pro SP2 machine I currently only have 26 active processes running (including a couple of other apps). During that 15 minute period of lag/thrashing, you might also want to watch that Process tab on Task Manager for the CPU Usage and Page Faults Delta values (these can be added under View | Select Columns...). Note which processes are hogging the CPU and/or spiking the PF Delta value (you can sort on any column by clicking the respective header).

    If you find too many active processes, then you likely have malware problems. Get some good anti-virus and anti-spyware tools and scrub the system. Some systems have so many active processes that these tools are extremely slow, you can either run them from safe mode or just start manually whacking away those processes that sound non-essential (I know this sounds rather cavalier, but after awhile you know which ones are legit and which aren't). The use of a tool like Sysinternals' Process Explorer (suggested above) can be very useful in this process as well. Also, Sysinternals' Autoruns utility is good for clearing out a lot of the unnecessary crappola that might be trying to start automatically when windows boots up. You might also want to run the System File Checker utility under the Administrator account, Run | "sfc /scannow".
     
  12. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I found that rpc locator was turned off - turning it back on cured the IE problem, but the windows firewall still won't start back up... when I get to the machine I'm comparing services on two similar machines to see what is what.

    Pagefile might be the issue, as it was capped at 384mb - but physical RAM is 1gb and I'm satisfied that there is almost zero chance of spyware/malware problems - this machine has had REGULAR cleanings, runs spybotsd, M$ antispy, ad-aware, nod32, spyware blaster, spyware guard, cwshredder run weekly - ewido run not long back and a host of other cleanup processes run on a regular basis.

    The number of background processes is 26 just after boot - and during the apparent network lockout, the cpu was running at 0-1% and RAM usage was around 191mb - network activity was zero - so you can see why I'm scratching my head and asking myself - "what the heck is this machine attempting to do?"

    When I get into the office later this AM, I'll up the pagefile and compare the services settings - plus view the event logs as suggested.... I'll post back my findings in 3-4 hours.
     
  13. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    ok - I think I got it....

    there were a number of services that simply were not running - perhaps an over-zealous resource freeing session - but I started at the top of the list and worked my way down - every 2 or 3 I found that were not running, I would start them, change their start type from disabled to automatic, then reboot...

    the last reboot I turned on:

    Brother Spooling (a brother printer extension)
    COM+ Event System
    Computer Browser

    I'm sure there are others lower on the list of services - but either COM+ or Computer Browser services were the problem on this particular machine I think... anyone know which is likely to cause the windows inbuilt firewall to NOT start for 15 minutes and for the IE to not respond for the same time?

    tia

    GHL
     
  14. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I would first make sure that the services the firewall depends on are working properly. Service errors will show up in your system log.

    Nick
     

  15. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    nick_s,

    thanks - the RPC was disabled, but enabling it and rebooting (a number of times) - did not fix the problem on its own... I know what the dependencies said - that's why I was scratching my head so hard after an hour of playing with this thing ... it was seriously puzzling that even with those two services mentioned running, it was still not able to start the firewall.

    all fixed now - thanks again for the pointers - they definitely helped!

    regards

    GHL
     
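The two checks discussed in this thread (services set to automatic but not running, and whether the services the firewall depends on are working), scripted as an added example that is not part of any post. It is written for Windows PowerShell (it uses Get-WmiObject) and assumes the firewall's service name is SharedAccess, which the thread does not state; it also flags disabled services anywhere in the dependency chain, since a disabled service never shows up as "automatic but not running".

```powershell
# Added example (not from the thread). Assumption: 'SharedAccess' is the
# XP SP2 service name for Windows Firewall/ICS; Vista and later use 'MpsSvc'.
$Target = 'SharedAccess'

# One WMI query: start mode (Auto/Manual/Disabled) and state for every service.
$wmi = @{}
Get-WmiObject -Class Win32_Service | ForEach-Object { $wmi[$_.Name] = $_ }

function Get-DependencyChain {
    param([string]$Name, [int]$Depth = 0, [hashtable]$Seen = @{})

    if ($Seen.ContainsKey($Name)) { return }   # shared dependency, already listed
    $Seen[$Name] = $true

    $row = New-Object PSObject -Property @{
        Service = ('  ' * $Depth) + $Name      # indent shows depth in the chain
        StartMode = 'n/a'; State = 'n/a'; Note = ''
    }
    $svc = $wmi[$Name]
    if (-not $svc) {
        # Kernel drivers are not in Win32_Service; list them but do not recurse.
        $row.Note = 'not in Win32_Service (driver?)'
        return $row
    }
    $row.StartMode = $svc.StartMode
    $row.State = $svc.State
    if ($svc.StartMode -eq 'Disabled') {
        $row.Note = 'DISABLED'
    } elseif ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running') {
        $row.Note = 'auto-start but not running'
    }
    $row

    # Recurse into everything this service needs before it can start.
    foreach ($dep in (Get-Service -Name $Name).ServicesDependedOn) {
        Get-DependencyChain -Name $dep.Name -Depth ($Depth + 1) -Seen $Seen
    }
}

"Dependency chain of ${Target}:"
Get-DependencyChain -Name $Target |
    Select-Object Service, StartMode, State, Note | Format-Table -AutoSize

"Auto-start services that are not running (whole machine):"
$wmi.Values | Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' } |
    Select-Object Name, DisplayName, State | Format-Table -AutoSize
```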