1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Pages do not finish loading

Discussion in 'Web & Email' started by 1trueshadow, Sep 12, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. 1trueshadow

    1trueshadow Thread Starter

    Joined:
    Jun 1, 2003
    Messages:
    86
    As of late my connection is sparatic (activity bursts for no reason, little or no activity while loading pages)
    When opening a page, the majority of the page will load and then network activity stops alltogether. The browser continues to "attempt" to veiw the page but my ISP is not sending anymore, for instance the smiles on the left have not apeared yet, netscape is trying to load them but the activity indicator is showing nill

    I have ran Nortan AV, Spybot, Ad-Aware and Highjack this did not turn up anything that would cause that (Posting the HJT report anyway)

    Also, there is a large amount of errors that I am reciving from my ISP. Check this out....
    [​IMG]


    And here is my HJT! log:
    Scan saved at 3:13:54 PM, on 9/12/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\Network ICE\BlackICE\rapapp.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINNT\system32\atiptaxx.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Desktop Architect\datray.exe
    C:\Program Files\Network ICE\BlackICE\blackice.exe
    C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.profileofashadow.4t.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
    O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
    O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F662D2E7-A4A0-42ED-9551-67301DA44E3D}: NameServer = 66.103.227.34 216.234.106.87
     

    Attached Files:

  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I don't see any issues with the HijackThis Scanlog.

    One thing I would note is the substantial difference in error rate between sent and received. I'm no expert here, but I would speculate that this suggests the problem is less likely with your modem or phone line than your ISP and/or the routing of received packets from wherever you are connected to.

    The connection speed is certainly deficient as well. For comparison, at 2 1/2 hours up time I have a received error rate of 3%

    Another thing that is somewhat puzzling is the high compression rate. I have 10% sent and 3% received.

    Personally I would have a talk with the ISP about these issues; perhaps a different dialup number might make a world of difference.

    By the way, when you do get a lot of those partial page loads, you need to clear your Internet Cache to flush the incomplete files out of there, or you may continue to see the same thing if the browser simply reloads images or pages from cache.
     
  3. 1trueshadow

    1trueshadow Thread Starter

    Joined:
    Jun 1, 2003
    Messages:
    86
    Thanx Rollin'
    I noticed the error rate right off hand. At one time I was reciving 7 errors a minute!!

    My compresion has always been high. Normal is about 30% sent and 10% recived

    and I would rather switch ISP's then even attempt to talk to their tech support again. It doesnt mater what the question is, the anwser is always "its the phone companys fault"
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Yeah, it doesn't look like you are out in the boonies so there probably is no good excuse for that low connection speed and high error rate. Sometimes different dial-up numbers can help but you are not getting anything near where you should.
     
  5. 1trueshadow

    1trueshadow Thread Starter

    Joined:
    Jun 1, 2003
    Messages:
    86
    It does not matter. No mater what compainy I use I always get a top speed of 26k. The errors however are a new problem.
    I have sent a message to Michigan Connect.

    Please keep this thread open until I recive a reply from them. Thanx.
     
  6. 1trueshadow

    1trueshadow Thread Starter

    Joined:
    Jun 1, 2003
    Messages:
    86
    I was able to talk over the phone to the Owner\operator of my local ISP. This is what he thinks is happening:

    About a week ago we had a huge electrical storm here in my city. Many lightning bolts hit ground. Ever sence then, He has been hearing reports from other local ISP including his own that connections are unstable and many of the users are reciveing errors like mine.

    Being that this is a widespread problem affecting many ISPs, I beleve that damage was done to the local phone network in that storm. On monday I will be calling SBC and telling them what is going on at my end and asking if they could check my lines once more.
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Thanks for the follow-up. Let us know if they do confirm a problem on their end.
     
  8. 1trueshadow

    1trueshadow Thread Starter

    Joined:
    Jun 1, 2003
    Messages:
    86
    SBC said they are not responsible for errors that I am receiving. I also asked them about my connection speeds and they told me that they only guarantee a speed of 14.4!!

    I called back my ISP. All the local ISP's have CONFIRMED that the errors are being received from SBC phone service. Customers using other local phone companies are not affected. SBC still denies responsibility

    As soon as I move out I'm switching to cable!! I wont even have a phone line! I will use my cell as my primary phone and Cable for internet. If they want to treat their customers this way then they better not be surprised when they have no customers left
     
  9. 1trueshadow

    1trueshadow Thread Starter

    Joined:
    Jun 1, 2003
    Messages:
    86
    one more thing, activity STILL picks up while I am not doing anything, it could be a posible trojan unrelated to my error problem. It seems too controled to be just random reads. Do you know of a program I can use to find out just what programs are accessing the net?
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    A firewall such as Zonealarm or Sygate would be your best bet for intercepting applications that try to connect outbound from your computer or blocking malicious inbound attempts. Both have free versions.

    Alternately you could try you hand at interpreting the real time logs of something like tcpview, portmon and tdimon from system internals.

    Tcpview is easy to use. Portmon is a little trickier, you have to set it up before you make a connection. The same is true for tdimon which has to be open before a connection is established. All three will show various views of tcp/ip activity.

    http://www.sysinternals.com/
     
  11. 1trueshadow

    1trueshadow Thread Starter

    Joined:
    Jun 1, 2003
    Messages:
    86
    The moment I started TCPView I found the following:

    [​IMG]

    After I made this picture and opened Netscape almost 20 system:8 connections came up and 6 more SVHost Connections where established.

    Someone please tell me what these programs do. I know that SVHost is part of windows, but its for if your running your computer like a server, is it not?

    I have never heard of "system:8" until today. Any and all info would be great.
     

    Attached Files:

  12. 1trueshadow

    1trueshadow Thread Starter

    Joined:
    Jun 1, 2003
    Messages:
    86
    If I disconnect all the SVCHost Connnections (other then the one pointing back at my own system of pheonix-omega of course) then my connection is fine!! My pages load completly and there is no big slowdown. In fact they are faster then ever!!

    As far as I can tell system:8 is just a legit process doing its job. SVCHost however is alowing multipule unwanted connections to my system. How do I stop this from happening? Is there a way to disable SVCHost?
     
  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Svchost is a host for many required services in XP/2K; you will see multiple instances in the Task Manager. Some you can end task, others not.

    http://support.microsoft.com/?kbid=314056

    The System8 is also a system process; I guess the designation varies, because on my system it is system4; I'm not sure what the difference signifies.

    The IP I see it remotely connecting to is System Internals itself. Do you still have that page open?

    I'm not sure you can do this on Win2k, but open a command prompt and enter:

    tasklist /svc

    do you see a list of services running under each task? Tasklist comes with XP pro, I'm not sure about 2k
     
  14. 1trueshadow

    1trueshadow Thread Starter

    Joined:
    Jun 1, 2003
    Messages:
    86
    Win2K does not have that utillity, but tlist does the same thing as tasklist (Microsoft Knowlagebase Artical 250320)

    On a hunch I opened up Black Ice and looked through the current attacks. (please see TSG thread "Attack Aganst My Firewall") The IP addresses of my current attacks (not the ones posted in the other thread) matched with the SVCHost connections.

    I am going to search TSG's Security Forums for any information about SVCHost.

    Thank you for all your help and insight RR. If there is anything I can do for you guys at TSG let me know :) (y) (I would make a donation, but I am low on funds at the moment)
     
  15. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Black Ice should be protecting you from the recent spate of rpc buffer overrun exploits, (even if you haven't installed the security patches), which can involve svchost, and I don't see port 135 open in TCPview, so I don't think you are vulnerable there.

    The blocked incoming probes should not inhibit the system any unless there is an absolute flood of them, in which case they would affect your ISPs servers as well. They are certainly not directed at you in particular, since you are for all intents invisible on the web and the probes are just blind hits on an IP that is included in a scanning block

    In any case, with a little work, using those System Intenal free ware tools, you can pretty much figure out what is going on at any given time.

    You're most welcome for the help..
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/164309

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice