Solved

XP Right Click & Vid Rfrsh Slow when NIC Plugged in

Posted on 2004-04-05
Last Modified: 2007-12-19
Hello to all!

A PC we have has recently started hanging during a right click (on icons) and various apps hang when the Network Adapter (NIC) is plugged into a Switch and X-Over to PC.  Therefore when the NIC has a signal and is enabled, the symptoms occur.  When hanging, I can drag a window around the screen, it wipes the desktop icons away like an eraser (wallpaper stays) and then the window is not refreshed when dragged, therefore 1000's of windows stay behind like Mouse Tracks (Video is not refreshing via system hang). When the NIC is either Disabled or detached, the PC works fine.  Here are the specs of the PC and the attempted fixes:

System Specs
---------------------------
Windows XP Pro SP1
Intel 3.0Ghz (800Mhz) HT
1G RAM
Gigabyte MB
NVidia GeforceFX 9500
Drives with MB RAID (2 Pair Striped - 2 Volumes Total)
1 System HDD (SATA Raid 10K Rpm) (WINXP here)
System has worked fine until recently.  User is not completely PC trained, therefore a COMPLETE backtrace of Installed Programs is vague at best.  


Attempted Fixes:
---------------------------
All Symptoms remained unless noted.

-Killed all but required services for system continuity - tested with each proc killed.

-Scanned with 3/31/04 NAV Definitions & Highest Heuristics, deepest scanning, etc. (Found Clean)

-Scanned with Lavasoft AdAware (Latest Ver) with 3/31/04 Reference File. - Nothing but cookies found.

-Adjusted AGP Aperture

-Adjusted Various NVidia Settings in Display & Adapter Properties.

-Removed all peripheral shortcuts from SEND TO folder.

-Removed NAV

-Reinstalled and Full LiveUpdate! performed with NAV

-Performed Safe Mode Test (problem still occurred)

-Tested with Native Win2000 Domain (Local & Network Accounts)

-Tested with X-Over and A WinXP Home PC

-Joined and Disjoined (with testing) from the Domain.

-Configured with DHCP & Static IP Addressing

-Administrative and User Accounts tested (Locally & Network)

-Latest Drivers applied (remember system was not always like this)

-Dell ActiveSync with a Dell PDA was the latest item installed.

-----------

The user has A LOT of peripheral software and services running, but please keep in mind that I killed all procs down to the BARE minimum and symptoms still occurred.  Also remember that once the NIC is disconnected or disabled, things return to normal INSTANTLY

-----------
Finally, a pre-thank you to ALL who contribute.  Big time!  









Question by:jennifer_borman

Author Comment

by:jennifer_borman
Addition--------

-----------RUNNING Tasks---------------

system idle process
system
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
ccevtmgr.exe
spoolsv.exe
ctsvccda.exe
navapsvc.exe
nprotect.exe
nvsvc32.exe
nopdb.exe
mspmspsv.exe
explorer.exe
soundman.exe
ctsysvol.exe
ctdvddet.exe
cthelper.exe
shico.exe
bsclip.exe
qttask.exe
ccapp.exe
daemon.exe
anvshell.exe
hpztsb04.exe
hphmon03.exe
atix10.exe
msmsgs.exe
wcescomm.exe
rundll32.exe
acrotray.exe
hphipm09.exe
wcesmgr.exe
outlook.exe
helpctr.exe
helpsvc.exe
wmiprvse.exe
wmiprvse.exe
offprov.exe

--------RUNNING SERVICES (Not Tasks)---------

99.999% of all services are as per the initial installation of WinXP.  1 or two should have been changed.
 (Sorry about the Funny Layout)

      
Display Name      State
Alerter      Stopped
Application Layer Gateway Service      Stopped
Application Management      Stopped
Ati HotKey Poller      Stopped
ATI Smart      Stopped
Windows Audio      Running
Background Intelligent Transfer Service      Stopped
Computer Browser      Running
Symantec Event Manager      Running
Symantec Password Validation Service      Stopped
Indexing Service      Stopped
ClipBook      Stopped
COM+ System Application      Stopped
Creative Service for CDROM Access      Running
Cryptographic Services      Running
DHCP Client      Running
Logical Disk Manager Administrative Service      Stopped
Logical Disk Manager      Running
DNS Client      Running
Error Reporting Service      Running
Event Log      Running
COM+ Event System      Running
Fast User Switching Compatibility      Stopped
Help and Support      Running
Human Interface Device Access      Stopped
IMAPI CD-Burning COM Service      Stopped
Server      Running
Workstation      Running
TCP/IP NetBIOS Helper      Running
Messenger      Running
NetMeeting Remote Desktop Sharing      Stopped
Distributed Transaction Coordinator      Stopped
Windows Installer      Stopped
Norton AntiVirus Auto Protect Service      Running
Network DDE      Stopped
Network DDE DSDM      Stopped
Net Logon      Stopped
Network Connections      Running
Intel NCS NetService      Stopped
Network Location Awareness (NLA)      Running
Norton Unerase Protection      Running
NT LM Security Support Provider      Stopped
Removable Storage      Stopped
NVIDIA Driver Helper Service      Running
Plug and Play      Running
Pml Driver      Running
IPSEC Services      Running
Protected Storage      Running
Remote Access Auto Connection Manager      Stopped
Remote Access Connection Manager      Running
Remote Desktop Help Session Manager      Stopped
Routing and Remote Access      Stopped
Remote Registry      Running
Remote Procedure Call (RPC) Locator      Stopped
Remote Procedure Call (RPC)      Running
QoS RSVP      Stopped
Security Accounts Manager      Running
ScriptBlocking Service      Stopped
Smart Card Helper      Stopped
Smart Card      Stopped
Task Scheduler      Running
Secondary Logon      Running
System Event Notification      Running
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)      Stopped
Shell Hardware Detection      Running
Speed Disk service      Running
Print Spooler      Running
System Restore Service      Running
SSDP Discovery Service      Running
Windows Image Acquisition (WIA)      Stopped
MS Software Shadow Copy Provider      Stopped
Performance Logs and Alerts      Stopped
Telephony      Running
Terminal Services      Running
Themes      Running
Telnet      Stopped
Distributed Link Tracking Client      Running
Upload Manager      Running
Universal Plug and Play Device Host      Stopped
Uninterruptible Power Supply      Stopped
Volume Shadow Copy      Stopped
Windows Time      Stopped
WebClient      Running
Windows Management Instrumentation      Running
WMDM PMSP Service      Running
Portable Media Serial Number      Running
Windows Management Instrumentation Driver Extensions      Stopped
WMI Performance Adapter      Stopped
Automatic Updates      Running
Wireless Zero Configuration      Running
X10 Device Network Service      Stopped



----Thanks!---

LVL 21

Expert Comment

by:gemarti
Didn't see anything related to testing the memory.

Try this:

Windows Memory Diagnostic
http://oca.microsoft.com/en/windiag.asp

Excerpt:
The Windows Memory Diagnostic tests the Random Access Memory (RAM) on your computer for errors. The diagnostic includes a comprehensive set of memory tests. If you are experiencing problems while running Windows, you can use the diagnostic to determine whether the problems are caused by failing hardware, such as RAM or the memory system of your motherboard. Windows Memory Diagnostic is designed to be easy and fast. On most configurations, you can download the diagnostic, read the documentation, run the test and complete the first test pass in less than 30 minutes.

LVL 4

Expert Comment

by:Veegertx
Try another NIC maybe? Sounds too simple but it sounds like it's running off. Or is it the way it's set up and what it accesses.

Author Comment

by:jennifer_borman
I will attempt the RAM test, however I don't imagine that it is specifically applicable here.  I appreciate that response, but the symptoms take effect once the NIC is plugged in.  If it is disconnected, everything is fine.

I will disable the on-board NIC and will install a different NIC and try it out.

Appreciate all of your time.  Will let you know the outcome.  Any other suggestions are welcome.

LVL 21

Expert Comment

by:gemarti
Well I figure you have to start somewhere. :)

Does the video card and the NIC share any of the same resource settings?

If yes then try changing the NIC's IRQ.

LVL 21

Expert Comment

by:gemarti
You also might just need to re-seat the hardware (NIC, Video, and RAM).

LVL 4

Expert Comment

by:Veegertx
As Gemarti said: Does the video card and the NIC share any of the same resource settings?
Another way to get it to change IRQ and stuff is simply a different slot in PC if available.

LVL 4

Expert Comment

by:Veegertx
Oops sorry just realized what you said that it's an onboard - too early in the morn
Yep disabling in BIOS and another card is only way to test that theory.

Author Comment

by:jennifer_borman
Still here, will reply soon!

Author Comment

by:jennifer_borman
Still alive, holidays!  Thanks for the patience!

Author Comment

by:jennifer_borman
Okay, that was too long of a delay.  Anyway, I tried a different NIC after disabling the onboard NIC.  The machine still performs very slowly when the new NIC is plugged in and returns to normal performance when disconnected.

Any additional ideas?

I'm going to try a few more malware detectors.  Microsoft Word 2000 is particularly predictable in that it lags very badly when connected and is fine when disconnected.  I notice that a packet is sent every 1/2 second on the LAN link.  Link overhead aside, it appears a little too much and consistent to be a nominal inactive link.  Know what I mean?  But any other suggestions will be helpful.  I am going to throw a sniffer on the line and see what happens.

Thanks again!

LVL 4

Expert Comment

by:Veegertx
Ok these are suspicious Tasks
shico.exe - what's starting it
bsclip.exe - what's starting it
daemon.exe - what's starting it
offprov.exe - I Found on internet = "I received from seafood@ucdavis.edu list some messages with this attached files like "hpdsx.exe" or offprov.exe" with W32/Magistr@MM virus!!! "
Are your Virus definitions up to date?

WMDM PMSP Service This service is installed with Windows Media Player 7. If you do not use Media Player, disable this service. This is XP forum so I thought you had XP, newest Media Player is 9.0b.

X10 Device Network Service - If it says X10 then it's simply no good, I'd look at uninstalling whatever and stop/delete this service. X10 used to be known as spyware as I recall.

LVL 4

Expert Comment

by:Veegertx
This is Autoruns
can tell you where and what's starting with your PC
http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml
I'm starting to think you have a Virus or spyware here.

Author Comment

by:jennifer_borman
Okay,

   I've noted your suspicions about the services and procs running, however I found some more information that I feel is noteworthy.

   I threw a sniffer on the PC and allowed it to operate under normal conditions.  Especially when opening Microsoft Word documents (It likes to stall there when the NIC is in), it seems to arp like heck for my gateway (10.0.0.1).  It is also doing a DNS lookup for clr.verisign.com and www.verisign.com.

   I am not yet connected to the internet via DSL or dial-up.  I do have a DNS server and DHCP server that throws 10.0.0.1 as the default router/gateway.  THERE IS NO VALID gateway at 10.0.0.1 nor is there any normal host at that address, therefore the arp is never answered.  I changed the DHCP to not include a gateway IP, as well as giving it a valid host that is not actually a gateway, but to prevent it from arping and to see what it asks of the "gateway".

   After reboots of the PC with each different configuration setting, there is still no change.  No matter what IP is given for gateway, it still arps for 10.0.0.1.  I even flushed DNS Cache, etc.  I tried to manually give a localhost as well as a remote host on the network IP address for the sites listed (verisign).

   I am no good with certificates and CA's.  There are no known configs except for the default XP configs with the CAs.

   I am going to now double the points as this is getting deep.

  A thought just occurred to me, I am going to redirect the 10.0.0.1 address to a valid host to continue whatever TCP/IP process the box is trying to initiate.  Please mind you that the DNS lookup and the arp are coinciding.  They may be related but also may not be!

Thanks again!


LVL 4

Accepted Solution

by:
Veegertx earned 500 total points
Was about to suggest flushing that DNS. I do it after this. Read the notes I have in it about 2 parameters that should not be there.
More on what these do is here  http://www.windows-help.net/WindowsXP/tune-24.html

------DNScache.reg below here--------

Windows Registry Editor Version 5.00
;If you find DWORD values MaxCacheEntryTtlLimit and/or NegativeCacheTime in the
;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
;registry location, delete those.
;When present they will prevent Windows XP using the correct settings.
;After doing this flush the DNS cache for the changes to take effect
; @command prompt    ipconfig /flushdns

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"MaxNegativeCacheTtl"=dword:00000000
"MaxCacheTtl"=dword:00003840
"MaxCacheEntryTtlLimit"=-
"NegativeCacheTime"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"QueryIpMatching"=dword:00000001


Author Comment

by:jennifer_borman
You're going to love this...

   I threw a packet sniffer onto the NIC (onboard).  It was originally arping for my gateway.  No gateway in my network at this time.  I gave it one (a cisco router).  That didn't work.

   I then noticed that it was consistently looking for crl.verisign.com.  Especially when opening MS-Word or MS-Excel.

   Turns out that a Certificate shipped with NAV2003 expires on Jan. 7, 2004.  The mechanism that runs with this breaks to a certain extent and the performance of the PC is prone to dropping like a rock.  Symantec's temporary advice is to disable the "check the Certificate Revocation Listing" online.  I disabled that, and Voila!  All was well.  I will update the Cert. and check further with Symantec and Verisign about this.  Check it out, it's on both Verisign's and Symantec's web-site.

   Veegertx, I am going to award the points to you for the tenacious attack on this problem.  It was all very very appreciated.  Gemarti, I appreciate it as well.  Definitely.

  Feel free to let me know what you think.  Thanks again!
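
The sniffer triage described in this thread, as an added example that is not part of the original posts: it scans a capture summary for ARP requests that never get a reply and for DNS lookups of revocation endpoints such as crl.verisign.com. The line format, the 10.0.0.23 client address, the 192.0.2.x answers and the sample capture are constructed for illustration.

```python
import re
from collections import Counter

# Constructed capture summary (hypothetical text format, not real tool output).
SAMPLE_CAPTURE = """\
0.00 ARP who-has 10.0.0.1 tell 10.0.0.23
0.02 DNS query crl.verisign.com
0.03 DNS answer crl.verisign.com 192.0.2.10
0.50 ARP who-has 10.0.0.1 tell 10.0.0.23
1.00 ARP who-has 10.0.0.1 tell 10.0.0.23
1.20 ARP who-has 10.0.0.5 tell 10.0.0.23
1.21 ARP reply 10.0.0.5 is-at 00:11:22:33:44:55
1.50 ARP who-has 10.0.0.1 tell 10.0.0.23
1.52 DNS query www.verisign.com
2.00 DNS query crl.verisign.com
"""

ARP_REQ = re.compile(r"^(\d+\.\d+) ARP who-has (\S+) tell \S+$")
ARP_REP = re.compile(r"^\d+\.\d+ ARP reply (\S+) is-at \S+$")
DNS_Q = re.compile(r"^\d+\.\d+ DNS query (\S+)$")
# First DNS label that usually marks a certificate revocation endpoint.
REVOCATION_LABELS = ("crl", "ocsp")


def analyze(capture, min_repeats=3):
    """Return unanswered ARP targets and revocation-related DNS lookups."""
    asked, answered, names = {}, set(), Counter()
    for line in capture.splitlines():
        line = line.strip()
        if m := ARP_REQ.match(line):
            asked.setdefault(m.group(2), []).append(float(m.group(1)))
        elif m := ARP_REP.match(line):
            answered.add(m.group(1))
        elif m := DNS_Q.match(line):
            names[m.group(1).lower().rstrip(".")] += 1

    unanswered = {}
    for ip, times in asked.items():
        # A target that is asked for repeatedly and never replies is the
        # "arps like heck for my gateway" pattern from the thread.
        if ip not in answered and len(times) >= min_repeats:
            gaps = [b - a for a, b in zip(times, times[1:])]
            unanswered[ip] = {"requests": len(times),
                              "mean_gap_s": round(sum(gaps) / len(gaps), 2)}

    revocation = sorted(n for n in names
                        if n.split(".")[0] in REVOCATION_LABELS)
    return {"unanswered_arp": unanswered,
            "revocation_lookups": revocation,
            "dns_names": dict(names)}


if __name__ == "__main__":
    print(analyze(SAMPLE_CAPTURE))
```

In the thread, this combination (unanswered ARP for 10.0.0.1 plus lookups for crl.verisign.com) turned out to be a certificate revocation check that could not reach the network.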

Author Comment

by:jennifer_borman
ooo... noticed that I already described the crl thing.  Well, that was it.

Author Comment

by:jennifer_borman
P.S.  I graded it "A" because I felt like we were on the right track.  

LVL 4

Expert Comment

by:Veegertx
Good Grief lol
I never knew those things could be that bad to cause all that trouble. I gotta copy what you said and put it in my million notes where I don't have anything in order or a clue of what's in there.

jennifer
I would recommend you just get your points back if you like since you solved on your own.

I'm not a points hound, I just like helping people when I have time when I take a break from my amateur programming. I usually don't answer unless I think I know something or remember a certain thing I've either seen or read about a particular problem. It's good to learn new things BTW, and yours is certainly original to me.

http://maxxpsoft.com/

Author Comment

by:jennifer_borman
Hey, it's no problem at all with the points.  I have to admit that I use the payment option and they give all the points you want.  Even if they weren't free, I would award them to you.  I appreciate the thought though.  We were definitely on the right track!

I also admit to having a notes bin.  I need to just bullet-point everything.  

-Jennifer