Reduced Download Speeds

Discussion in 'Malware Help (A Specialist Will Reply)' started by woodduck, Aug 30, 2007.

  1. woodduck

    woodduck Private E-2

    Hello guys, I am new to this particular forum.
    Around 10 days ago I started experiencing reduced download speeds from all Web sites with (2) exceptions: downloading from my Anti-virus provider and from my Internet provider.

    I have a BB 256/1500kbps Plan from Bigpond with an approximate maximum Download speed of 162kbps, which up until 10 days ago I was achieving.

    From all sites my maximum speed is now around 30kbps, with the (2) exceptions previously mentioned.

    All attempts to overcome this problem with the help of my Server have been unsuccessful.

    I have (2) Computers in separate locations in my house, both on BB and both on independent Modems, not Networking. Only (1) Modem is on at any one time.
    If I activate my second Computer and start a download it will download at around 157/162kbps. If I start the Computer I am having the problem with, select the same Web site and the same file I get 27/31kbps, which would indicate an isolated problem on this particular system.

    I have carried out all the obvious problem sorting advice, turning off Firewall and Antivirus, deleting all history in Internet Explorer, changing Modems, to no avail.
    My Ethernet Ports are located on the MOBO, so I installed a Temporary Ethernet Card, but the problem still exists.

    I attempted to do a System Restore hoping this may overcome the problem, but after 14 attempts over (2) months with the repeated dialogue "Unable to Restore your System to the selected date", I gave up.

    My Computer Spec are:- Windows XP Home 2002 SP2
    Intel P4 3.2GHz 1.00GB RAM
    CA Internet Security Suite
    Ad-Aware 2007---Registry Mechanic-----Trojan Tool Remover

    I have fully completed all scans for the Hijack Report, which has taken some time because I have over 500,000 files on my system, with minimal problems being found.

    Hoping you can assist me with my problem

    John W
     
  2. woodduck

    woodduck Private E-2

    Attached Files
     

  3. woodduck

    woodduck Private E-2

    Completed Scan Results, I hope I have done this correctly.

    John W
     

  4. abri

    abri MajorGeek

    Hi Woodduck!
    Welcome to MajorGeeks!

    You have some things which need fixing. Please be patient while we look through your logs.
    Thanks!
    abri
     
  5. woodduck

    woodduck Private E-2

    Thank you abri.

    After two weeks of this problem, you could say I am desperate. I thought I could solve most problems, but not this one.
    Your assistance greatly appreciated.

    John W
     
  6. abri

    abri MajorGeek

    Woodduck!

    Have you been using your security system for a while or is it new? You might try going to Run ... then type in msconfig and go to the system start tab and see if the program Retrospect or retrorun.exe is in the list. If so, uncheck it, reboot and see if this helps your speed at all. retrorun.exe is the backup program for your security suite and runs in the background, taking up some of your resources. Regardless of what you find out, please go back into msconfig and return it to normal system start on the general tab.

    abri
     
  7. abri

    abri MajorGeek

    Last question:

    Do you know what this is and is it something you put on your computer?

    FusionHDTV
     
  8. woodduck

    woodduck Private E-2

    abri,
    Thank you for responding.
    (1) Retrospect is a Software Programme for my Matrox External Backup HDD, and Retrorun is not listed in Startup.

    (2) Fusion HDTV is DVICO Fusion High Definition Digital TV. I have a HDTV DVICO TV PCI Card in my system.

    CA Anti Virus, Firewall and Internet Security Suite, formerly E Trust, I have been using for around (7) years.

    I have been on ADSL for around (8) months with Download speeds on this system of around 162kbps until 10 days ago, now 30kbps.

    My second Computer on the same line and same ISP maintains 162kbps.

    I felt that somehow I had been Hijacked for whatever purpose, particularly when I could not select any System Restore Points.

    John W
     
  9. abri

    abri MajorGeek

    Hi John!

    One other question and regardless of the answer, please continue with the following set of instructions. Your CA security suite shows that you put it in on August 4th. If you've been using it for 7 years, was this by any chance an upgrade? We wondered if this might be slowing down your internet connection. (easy enough to know, if your other computer is using the same thing without showing the same problems.)


    1) Please look in Add/Remove Programs for the following and uninstall them if found. If you get any errors just make a note and proceed.

    2) Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    3) Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    4) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    5) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    6) After you have completed ALL of the above in the correct order, please attach the following logs.
    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
    • Avenger Log
    Please make sure your antivirus program is running again as it should. It probably will have started again when you rebooted and that is fine. Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    abri
     
  10. woodduck

    woodduck Private E-2

    Hello abri,

    CA Security Suite had been re-installed at that date. I have had several problems with this programme recently, one of which is QOELoader, which was creating problems with Outlook Express, and Auto Empty Recycle Bin on Startup. I have resolved those problems.

    Please note that Registry Booster has been removed from my System.

    Please note that in your Instructions *4) Files to Delete: I had already deleted these files from my System.

    Please Note Instruction *3) File name "fixme.reg". The following Error is displayed when attempting to complete the task:- Cannot Copy fixme.reg. The specified File is not a registry script. You can only import binary registry files from within the Registry Editor.

    Thanking you for your assistance.

    Required Scans attached.

    John W
     

  11. woodduck

    woodduck Private E-2

    abri,

    The Avenger file

    John W
     

  12. woodduck

    woodduck Private E-2

    Hello again abri,

    A couple of Questions I forgot to answer:-

    Instruction *1) The 5 items listed were found and removed.

    With the exception as previously noted I have had no problems with your Instructions.

    Download speeds have not altered.

    I am still at a loss to understand why all selected Restore points in System Restore would appear to be corrupted.

    CA Internet Security Suite. I am almost positive that prior to un-installing and re-installing this programme Download speeds were normal. This has just occurred to me.

    My second Computer is running AVG Free with appropriate Spyware and Windows Firewall.

    Again, thank you for your assistance.

    John W
     
  13. abri

    abri MajorGeek

    Try uninstalling it (not disabling it) and put on AVG. Just for information, see if this helps your speed. A lot of the companies who've gone to security suites have produced products that are too bulky.

    Windows Firewall is not adequate. Please install one of the free firewalls we'll list in the closing instructions and at that time when you install a new one, turn the Windows Firewall off.

    How were they deleted? Did you delete them yourself? BitDefender tried to delete the two .rar files and couldn't, so unless you found them and deleted them yourself, they are still there and will still need to be deleted. I'll get back to you about this and about the restore points.

    abri
     
  14. woodduck

    woodduck Private E-2

    Hello abri,

    I uninstalled CA Internet Security Suite and checked downloads from various Web sites that I normally use.
    The Download speed was not affected, maintaining a 27/33kbps. I have reinstalled AV.

    Downloading the Test file from my ISP I achieved 161kbps, which has been constant.

    Going to Google and selecting a speed Test from www.bandwidthspeedtest.com, I achieved 37.3kbps.

    The (2) rar files from COPY SOFTWARE I personally deleted as I had no further use for them.

    John W
     
  15. abri

    abri MajorGeek

    Hi John!
    Why do you think your restore points are corrupt?

    You have some things in your registry that shouldn't be there. First let's try rerunning the fixreg that didn't work the first time. That might help with some of the other problems. If it doesn't work this time, I'll try it as a zip file, but read the instructions again. I've modified them slightly.

    Copy the contents of the below Quote Box including the word REGEDIT4 to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Tell me if it works this time!
    abri
     
  16. woodduck

    woodduck Private E-2

    Hello abri,

    One of the solutions I tried in an attempt to overcome this problem I have was to use System Restore.

    I selected a total of (14) highlighted Restore points between 1/7/07 and 31/8/07 and received the same message each time, "System Restore was unable to Restore your Computer to the selected date", please select another date.

    I have not encountered this problem in the past.

    I have successfully installed "fixme.reg" file, but the Internet download problem still persists.

    John W
     
  17. abri

    abri MajorGeek

    Just my curiosity here. Did you install them? This is what is infecting your computer. KeyFinders. BitDefender tried unsuccessfully to delete them, so I'm not sure that they're gone yet.

    The system restore points are infected because your computer was infected and the information was stored in the system restore points. It would help me if you can rerun BitDefender and let me see if your deleting those two files had any effect on what BitDefender finds. It may be possible for BitDefender to run selective scans which would save you some time. If so, please have it scan only C:\COPY SOFTWARE and then C:\System Volume Information. You'll have to produce separate logs in the same way as for the usual instructions in Point 6A of the READ & RUN ME FIRST which means storing the report as a text file. If it can't run selective scans, please run the whole thing as per the instructions in the READ & RUN ME.

    Thanks.

    abri
     
  18. woodduck

    woodduck Private E-2

    Hello abri,

    The (2) rar Files were not installed on this Computer. I did unpack initially and then deleted the unpacked Files. The (2) rar files were saved for future usage but I decided they were no longer required.

    All zip and rar files are scanned before extracting.

    I decided to run a full BitDefender Scan as the "System Volume Information" folder on C:\ was empty.

    I was on the Google Web Site today doing a search for a Program called ETSLauncher when I came across a Post with an identical problem to what I am having, but you had to Pay and Register to view any replies which may not have been productive, I have included the Link:-

    http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_20433560.html

    Scan attached, thanking you for your assistance.

    John W
     

  19. abri

    abri MajorGeek

    Hi Woodduck!
    I don't recommend anything on the internet asking for money when it comes to getting advice for your computer. Your BitDefender log is clean now. Either Bit's report was false or your own antivirus didn't pick them up. The rar files were coded in an odd way which would have made them hard to see. I believe the viruses which made it impossible for you to go back to previous restore points may have come in with the keychanger program. I'm not sure when you installed it, but you started trying to go back to earlier restore points two months before you came in here. The slow-down, which is a separate problem, started around 10 days before you came in here and may have been associated with a reinstallation of your antivirus software.

    First of all, I would consider that these two problems may have been separate problems and that one may have built on the other. You reinstalled a security suite (a fairly complex item) onto a computer which was already infected and your security suite did not pick up the infection. (No piece of existing software can identify everything. That's why we use a group of different tools.) It's quite possible that the virus made changes to your antivirus program.

    Additionally, there are a number of reasons why a connection might slow down, but I think the one I would look at first is what caused you to go back to try an earlier restore point in the first place two months before you came here. What symptoms were you having at that point? Was it then that you installed the keychanger? (By the way, not all keychangers are infected with viruses, but the one you got was.) Was your system already running slowly with downloads at that time or did the slowdown occur 10 days before you came to see us when you reinstalled your antivirus suite?

    I would like for you to run one last scan for a rootkit to see if it brings up anything. I failed to ask you to send me fresh logs for ShowNew (newfiles.txt), GetRunKeys (runkeys.txt) and HijackThis. I would like to check them one last time and make sure the MSConfig keys were deleted as they should have been.

    If none of these things show any signs of malware, I would ask that you post in as exact detail as possible, the answers to the questions above along with some of the technical details of your computer in either the hardware or software forums. I don't know what the removal procedure is like for CA, but for Symantec, you actually have to use a special removal tool to get their software out of your computer. If CA has become equally complex, it may be necessary to take similar steps with their software as well.
    Also, the people here would want to know things like, when you tested the modem against the other computer, were both modems good on the good computer and both modems bad on the bad computer.

    Please do the following:
     
  20. woodduck

    woodduck Private E-2

    Hello again abri,

    Just to correct a possible misconception:-

    I did not try to create a System Restore two months ago because I was having problems.

    I attempted a System Restore the day prior to Posting in this Forum. I selected a total of (14) highlighted days from the 30/8/07 to the 1/7/07 but the System was unable to complete the Task.

    The B/B slow down became evident to me around 10 days prior to Posting. It could have happened prior to that, even after Un-installing and Re-installing CA.

    The Key Loggers were not installed on my System. I did unpack and open the Files to check contents, but I did not run the programme. I deleted the files and saved the RAR zip files for future use, but I then decided to delete them also.

    Both Modems run perfectly on Computer (2) maintaining exact speeds of around 140/170kbps, and both Modems run speeds of 27/40kbps on Computer (1), selecting the same Web sites and the same Files.

    I have also installed a new Network card and changed Ethernet cables without any change.

    I have completed the required Scans but there did not appear to be any evident problem.

    John W
     

  21. woodduck

    woodduck Private E-2

    abri,

    The Hijack File Log

    John W
     

  22. abri

    abri MajorGeek

    Hi John!
    Sorry the slow download problem has not been resolved. Your logs are clean. Below I'll ask you to follow our final cleanup steps which include deleting all your previous restore points and setting a fresh one. I don't know if you could ever use your bad restore points again, because they were all infected. One thought I have about the slowness of your download time, is that you have some software conflict going on between at least two of your programs. I think you should take this problem to the software forum next and try some trouble-shooting.

    It's not clear to me why you originally uninstalled CA and reinstalled it on August 4th unless you were having trouble with it or were instructed to do so. That piece of information might be very helpful. In my experience, the security suites have grown beyond their functionality for some computers. I've watched this happen to at least two major reputable antivirus programs which went to security suites.

    Msconfig is a useful diagnostic tool, because it allows you to shut down startup items one at a time and see if anything makes a difference, but there are a number of additional ways to look for this problem and I think since the problem wasn't solved in the malware section, that it would be good to continue in the software and hardware sections. You have the advantage of having two computers, so you are in a position to compare both the software and the hardware of those computers.

    Please follow the instructions below. You can uninstall BlackLight too.
     
  23. woodduck

    woodduck Private E-2

    Hello abri,

    I have removed all Programmes that were used during the Scanning process.

    CA was uninstalled as a last resort because I was having problems with the Recycle Bin being emptied on every Startup. I finally located the problem in the Privacy section of CA in Advanced Settings where cache was cleaned on Start.

    This had been introduced in a recent CA update.

    I agree with your comment about Security Suites, CA has become too invasive, and I have had to reduce all my settings to bare minimal to have any control of my own System. I follow the Web and I have noticed that CA gets a large mention with a lot of its processors. Maybe it's about time I made a change.

    You made mention in a previous post that Windows Firewall was not adequate, and you would give me a list of suggestions.

    Again I agree with you that it appears to be a conflict between Software programmes, and I have started to uninstall certain programmes.

    If I have no further success, I will post my problem into the suggested Forums.

    abri, thank you for your support. It's because of people like you and Forums like this that make Computing fun and challenging.

    John W
     
  24. abri

    abri MajorGeek

    Hi John,

    Take a look at step 3 in the How to Protect yourself from malware!

    I use Zone Alarm and AVG together and they seem to work well. I prefer Sygate, but it's a bit more complicated and I got distracted and never changed back. A lot of people are going to Comodo, and I can't advise you there. There are some problems with Comodo, but at the same time, it's getting very high ratings. I haven't had any problems since I started following the steps in the above link, and I think keeping my temp and log files cleaned out with CCleaner has played a big part in keeping malware out. It isn't, unfortunately, a cure against software conflicts and other similar afflictions. Good luck with your computer. I'll look for any further posts you make on the subject!
    abri
     
