Networking Question - Serious issue with speed

[Emberhelm]

**Sorry about the wall of text, I tried to break it up as best I could**

Ok, so I woke up this morning to find my internet barely crawling along at about 5 kb/s. This has happened a few times before and I usually either wait it out and it fixes itself or try the "ipconfig /release.../renew" bandaid a few times. But it usually clears up after anytime between a few hours to a few days! Now after the 5th time, I'm just starting to get curious as to what the hell is going on.

I contacted my ISP and they stated my connection is at 96% efficiency and that my internet speed is looking fine on their end. I asked them to check their graph of my network speed (it's a graph that has a realtime analysis of any fluxes in my downloads/uploads) and he said there is a background process taking about 95% of my total bandwidth. So after opening task manager and rifling through the processes and services, I found only a few things that would even relatively be able to siphon my bandwidth:

Akamai Netsession Client
FLEXnet

I ended and uninstalled the Akamai after doing some research and figuring out it could be Malware or was a tag along client with my PS CS5.1. But to no avail, my internet speed was still just creeping along, so I reset my router and defaulted everything, which lead to a brief moment of full internet speed via my ISP's graph. He told me that the usage dropped to about 2% then shot back up to about 94%, we also came to the conclusion it couldn't be my router because it is only a week old and there is nothing peculiar about it.

So both the ISP IT and I gave up and he submitted a ticket to an engineer to take a look at my data. Shortly after, he discovered there was a huge spike in download and activity around 3am. Well, around that time I was skyping and playing some BF3, however... I had been running these two things since 1am. He claimed the activity was fairly low from 11pm - 3am, then it spiked to 99% usage and stayed there. I got off BF3/Skype around 3:30am without noticing any lag or latency issues, so I have no idea what caused this. I have ruled out some possible reasons for the problem:

Windows Update - I have these set to manual and I do them all in bulk every other Friday
Net Clients or Background downloaders (WoW/IjjI/Reactor) - Have all of these turned off and disabled
OOD (Out of Date) Ethernet drivers - Recently updated these due to new mobo

As of now I am completely at a loss and have no idea what to do...any help would be appreciated!

Thanks,
Emberhelm

[Sephiracle]

we also came to the conclusion it couldn't be my router because it is only a week old and there is nothing peculiar about it.

That's honestly a terrible method of determining whether the router is the problem. Hook the computer directly to the modem. If you still experience the same slow down you have ruled out the router.

[Emberhelm]

That's honestly a terrible method of determining whether the router is the problem. Hook the computer directly to the modem. If you still experience the same slow down you have ruled out the router.

Just tried that, still is slow as hell :/

[Sephiracle]

Just tried that, still is slow as hell :/

F8 after BIOS, start safe mode with networking. Try that.

[Emberhelm]

F8 after BIOS, start safe mode with networking. Try that.

Ok, I will give that a go when I get home from work here in an hour. Thanks for the help so far.

[Sephiracle]

Ok, I will give that a go when I get home from work here in an hour. Thanks for the help so far.

NP. Sadly I will probably not be available to answer questions again until tomorrow. But, if its still slow in safe mode, you can rule out a software issue, and is probably either bad cable, wrong net configuration(half duplex probably instead of full or auto detect). If it's fast again, some program is eating up your net. Might have to look into startup programs. Most malware that eats the net is pretty obvious its running though.

[Emberhelm]

NP. Sadly I will probably not be available to answer questions again until tomorrow. But, if its still slow in safe mode, you can rule out a software issue, and is probably either bad cable, wrong net configuration(half duplex probably instead of full or auto detect). If it's fast again, some program is eating up your net. Might have to look into startup programs. Most malware that eats the net is pretty obvious its running though.

Quick questions before you go then:

1. If it is a wrong net config. is there a certain way about resolving that?
2. What is a good Malware tool besides Malware Bytes (already have that one, free version)

Thanks again!

[Sephiracle]

Quick questions before you go then:

1. If it is a wrong net config. is there a certain way about resolving that?
2. What is a good Malware tool besides Malware Bytes (already have that one, free version)

Thanks again!

1. You'll have to select the adapter in the Device Manager to mess with the settings of the of adapter. Additionally, you may want to check your IP settings(Control Panel, Network connections, Properties of IPv4) . If you're using DHCP then typically your settings will be to automatically obtain an IP, and you won't be using a proxy.

2. Malwarebytes is one of the better ones out there. Hijackthis and posting the log may help us figure something out, definitely post the log before doing anything though, otherwise you may ruin your OS and other things.

[Emberhelm]

1. You'll have to select the adapter in the Device Manager to mess with the settings of the of adapter. Additionally, you may want to check your IP settings(Control Panel, Network connections, Properties of IPv4) . If you're using DHCP then typically your settings will be to automatically obtain an IP, and you won't be using a proxy.

2. Malwarebytes is one of the better ones out there. Hijackthis and posting the log may help us figure something out, definitely post the log before doing anything though, otherwise you may ruin your OS and other things.

Okay, yeah I will download Hijackthis and post a log for you. As for my adapter, I know for sure I'm using DHCP, and i think it said IPv6 on my router? I'll have to double check, because I know this is the new "up and coming" IP config.

[Sephiracle]

Okay, yeah I will download Hijackthis and post a log for you. As for my adapter, I know for sure I'm using DHCP, and i think it said IPv6 on my router? I'll have to double check, because I know this is the new "up and coming" IP config.

IPv4 is still what you'd want to look at to determine any issues at this time though.

[Jaerin]

Open your task manager - Click Performance tab and at the bottom click Resource Monitor.

Click the network tab and it will tell you exactly which processes are reading/writing from your network connection. If its not there then I would guess you ahve someone stealing internet from you.

[Emberhelm]

Open your task manager - Click Performance tab and at the bottom click Resource Monitor.

Click the network tab and it will tell you exactly which processes are reading/writing from your network connection. If its not there then I would guess you ahve someone stealing internet from you.

Ah thanks Jaerin for the heads up! I'll give that a go when I get home!

---------- Post added 2012-02-22 at 06:05 PM ----------

Hijackthis log for you guys:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:03:55 PM, on 2/22/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Arctosa\razerhid.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Tanner\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Mythos.T3fun.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/?src=startpa...on=6.1-x64-SP0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CorePluginIEBHO - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\Plugins\CorePluginIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Arctosa] "C:\Program Files (x86)\Razer\Arctosa\razerhid.exe"
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tanner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10426 bytes

[Sephiracle]

Open your task manager - Click Performance tab and at the bottom click Resource Monitor.

Click the network tab and it will tell you exactly which processes are reading/writing from your network connection. If its not there then I would guess you ahve someone stealing internet from you.

If he connected directly to the modem, and it was still slow as hell, who would be stealing his internet?

[Deleted]

Go to your routers admin/config page (start > run > cmd > ipconfig, browse to your "default gateway" ip in browser, user/pass is usually on your router).

Find out what speed your line is Syncing at - this will give you a good indication of whether or not the ISP tech is talking crap. No use of the line should affect sync. If this checks out, start > run > msconfig.

Disable all startup items. Go to services, check to hide all microsoft services, disable all. Restart, see if its the same.

BTW Flexnet licencing is part of Adobe's photoshop licencing.

Can't see anything jump out in the log. But do run a good MBAM scan

[Jaerin]

If he connected directly to the modem, and it was still slow as hell, who would be stealing his internet?

Unprotected wireless in the cable modem...not likely, but possible.

[Sephiracle]

Unprotected wireless in the cable modem...not likely, but possible.

Well yeah, but I'm under the assumption it doesn't have wireless capability.