Windows Woes

Spiricore

Hi all,

I was directed here by a friend of mine when continually trying to describe a problem that's been becoming more and more of a nuisance for me. I'll do my best to explain what's been happening and what I've tried to resolve my issues.

I'm not really even sure when it started, but as of now, almost every morning I wake up and my wireless internet is down. This has become somewhat of a common problem for me for unknown reasons with my router, but I've learned to deal with it since I haven't been able to find a proper answer to fix it.

[EDIT: Well, I guess it's not being devious just when I'm asleep - this problem occurred about five minutes after finishing this post. However, most of my settings (at least trillian's) weren't lost. Just the slow-to-freeze thing.]

Anyways, after noticing that my internet is down, I'll go through the process of "properly" closing down my apps such as Trillian, uTorrent and whatever else may be open. I notice my computer get slower and slower and eventually completely freeze up - I attempt to access Windows Task Manager but it never shows up; I'm forced to do a hard reboot.

I get no errors on bootup and it usually boots up without a hitch (with a couple exceptions of it hanging on "Windows is starting up" before the login screen). I attempt to load up Trillian and any other programs I was using, and my settings are CONSTANTLY getting deleted.

So far I've noticed these things:
-Trillian: My settings and buddylist being completely reset (with errors)
-Firefox: Bookmarks deleted, window position keeps being reset as well as the toolbar - they keep going back to default. My history seems to be intact.
-uTorrent/Azureus: All of my torrents are continually deleted and I have to re-add them. Settings reset.
-Newsleecher/Newsbin: Server settings and group database/download queue wiped out.

What I've tried:
-HijackThis: I'll post my log at the bottom, but I haven't noticed anything unusual.
-Memtest-86: Let it cycle 7 times with 0 errors.
-RegistryMechanic: Finds plenty of problems, but never seems to resolve any issues.
-Avast!Antivirus: It picked up two minor viruses when I ran the bootup scan and quarantined successfully, but the virus chest has been wiped out as well *sigh*.
-AVG: Picked up one minor virus and removed successfully, virus vault wiped out as well
-Panda Online Scan: Just spyware picked up
-AdAware SE: Nothing worth mentioning
-Diskeeper: Nothing worth mentioning, no errors
-SpyBot S&D: Nothing worth mentioning
-DxDiag: (lol) no errors reported

Programs I regularly run:
-Trillian 3.1 Pro
-uTorrent 1.5
-Rainlendar 0.22.1
-Daemon Tools 4.03HE
-Winamp 5.2 Pro

The main stuff:
Windows XP Pro w/SP2 fully updated
ASUS SK8N w/8.00.09 (3/29/04) BIOS
AMD Athlon 64 FX-51 (2.2ghz)
2GB RAM
Pagefile: 455mb used, 2937mb avail
DirectX 9.0c (4.09.0000.0904)
Radeon 9800XT (Omega 3.8.231 drivers) 256mb
HP L2335 flat panel monitor
SoundBlaster Audigy 2 ZS (currently screwing with drivers, been a problem for me)
Linksys Wireless-G USB Network Adapter with SpeedBooster v2
Linksys WRT54G v5 Router
Western Digital 500gb MyBook external HDD
Maxtor OneTouch II 300gb external HDD
Lite-On DVDRW SOHW-812S
Plextor PX-716UF DVDRW/DL


Logfile of HijackThis v1.99.1
Scan saved at 12:59:49 PM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\PROGRA~1\AVG7\avgamsvr.exe
C:\PROGRA~1\AVG7\avgupsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\svchost.exe
E:\utorrent1.5.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [Inetreg] "C:\Program Files\InstallShield Installation Information\{AC85CD9E-BC46-4874-90E6-ADB558DE7D9E}\Setup.exe" /i_again -s
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138523444984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143659481500
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG7\avgupsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WUSB54GSv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe (file missing)

Yes, I just noticed that (file missing) with my wireless adapter. Meh. I've screwed with the router and that thing so much, I don't even know what I'm doing anymore.

Anyways, any help would be GREATLY appreciated as I really, really do not want to reformat unless absolutely necessary. It was done less than two months ago.

If any other info is needed please let me know as well.

[EDIT: I ended up sending the Application and System logs from Windows Event Viewer to a friend and there are some very strange errors going on. He concluded that it might be that someone is attacking my network and overloading my tcpip connection limits. I'm still hoping for some second opinions :) ]

[EDIT: I'm adding some information from the Event Log that occurred around the time my internet died and it began its Cycle of Death and directly after it finished rebooting:
Code:
5/19/2006    9:24:55 PM    BROWSER    Error    None    8032    N/A    DESKTOP    The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2F80E25A-2205-4B7E-9DBF-5CC4D071D822}. The backup browser is stopping.
5/19/2006    9:23:11 PM    Service Control Manager    Information    None    7036    N/A    DESKTOP    The StyleXPService service entered the stopped state.
5/19/2006    9:23:11 PM    Service Control Manager    Information    None    7035    DESKTOP\Spiricore    DESKTOP    The StyleXPService service was successfully sent a stop control.
5/19/2006    9:23:06 PM    Tcpip    Information    None    4201    N/A    DESKTOP    The system detected that network adapter \DEVICE\TCPIP_{2F80E25A-2205-4B7E-9DBF-5CC4D071D822} was connected to the network, and has initiated normal operation over the network adapter.
5/19/2006    9:23:00 PM    Service Control Manager    Information    None    7036    N/A    DESKTOP    The SSDP Discovery Service service entered the running state.
5/19/2006    9:23:00 PM    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    DESKTOP    The SSDP Discovery Service service was successfully sent a start control.
5/19/2006    9:21:38 PM    BROWSER    Warning    None    8021    N/A    DESKTOP    The browser was unable to retrieve a list of servers from the browser master \\TARA-T6SG6NTWA0 on the network \Device\NetBT_Tcpip_{2F80E25A-2205-4B7E-9DBF-5CC4D071D822}. The data is the error code.
5/19/2006    9:21:12 PM    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    DESKTOP    The GTNDIS5 NDIS Protocol Driver service was successfully sent a start control.
5/19/2006    9:21:12 PM    Service Control Manager    Information    None    7036    N/A    DESKTOP    The Wireless Zero Configuration service entered the stopped state.
5/19/2006    9:21:12 PM    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    DESKTOP    The Wireless Zero Configuration service was successfully sent a stop control.
5/19/2006    9:21:12 PM    Service Control Manager    Information    None    7036    N/A    DESKTOP    The Application Layer Gateway Service service entered the running state.
5/19/2006    9:21:12 PM    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    DESKTOP    The Application Layer Gateway Service service was successfully sent a start control.
5/19/2006    9:21:12 PM    Service Control Manager    Information    None    7036    N/A    DESKTOP    The Network Location Awareness (NLA) service entered the running state.
5/19/2006    9:21:12 PM    Service Control Manager    Error    None    7034    N/A    DESKTOP    The Avid Startup service terminated unexpectedly.  It has done this 1 time(s).
5/19/2006    9:21:12 PM    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    DESKTOP    The Network Location Awareness (NLA) service was successfully sent a start control.
5/19/2006    9:20:55 PM    Tcpip    Information    None    4201    N/A    DESKTOP    The system detected that network adapter \DEVICE\TCPIP_{2F80E25A-2205-4B7E-9DBF-5CC4D071D822} was connected to the network, and has initiated normal operation over the network adapter.
5/19/2006    9:19:30 PM    ati2mtag    Error    CPLIB     52225    N/A    DESKTOP    CPLIB :: Open Session  - Failed to load the library
5/19/2006    9:19:34 PM    EventLog    Information    None    6005    N/A    DESKTOP    The Event log service was started.
5/19/2006    9:19:34 PM    EventLog    Information    None    6009    N/A    DESKTOP    Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.
5/19/2006    9:14:43 PM    EventLog    Information    None    6006    N/A    DESKTOP    The Event log service was stopped.
5/19/2006    9:14:29 PM    EventLog    Information    None    6005    N/A    DESKTOP    The Event log service was started.
5/19/2006    9:14:29 PM    EventLog    Information    None    6009    N/A    DESKTOP    Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.
5/19/2006    7:58:32 PM    Tcpip    Warning    None    4226    N/A    DESKTOP    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
5/19/2006    6:09:16 PM    Tcpip    Warning    None    4226    N/A    DESKTOP    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
5/19/2006    5:22:21 PM    sptd    Error    None    4    N/A    DESKTOP    Driver detected an internal error in its data structures for .
5/19/2006    5:22:21 PM    sptd    Error    None    4    N/A    DESKTOP    Driver detected an internal error in its data structures for .
5/19/2006    5:14:16 PM    Tcpip    Warning    None    4226    N/A    DESKTOP    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
5/19/2006    4:46:09 PM    Tcpip    Warning    None    4226    N/A    DESKTOP    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
5/19/2006    4:12:01 PM    Tcpip    Warning    None    4226    N/A    DESKTOP    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Note: TARA-T6SG6NTWA0 is the other computer connected to the router: that computer is wired to it, mine is wireless.

Thanks
-Spiricore
 
Woah, that is a lot of information. Good job on providing many details and on doing your homework :)

That being said, since you have Windows XP with SP2, the amount of tcpip connection limit was lowered to 10. This was a security measure put in place by Microsoft to help alleviate the amount of havoc worms/viruses can run on a network when propagating :eek: This is changeable, but I won't link to it and I don't recommend it. The setting is there for a reason, and isn't the root cause of your problem - just my .02

That aside, I recommend two things and would like to hear your results:

Run WinsockXPFix on your PC running the wireless.

Next - reset your router to factory settings. I have seen, while it's rare, that computers with your symptoms will hammer the router so many times, it actually blocks the MAC address from authenticating properly and has trouble renewing an IP address. Your symptoms are not 100% along with those characteristics, but you could try that as well.

After that is done, verify your router is up to the latest firmware version.

If you have the option, which it sounds as if you may not, either take the wifi card from machine one, and put it into the machine that is hard-wired to it. Let that run for a day or so, find out if the problem occurs there as well.

OK - maybe that was more than two things :p
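
Added example, not part of the original posts: a small Python triage of the Event Viewer export from the first post. It counts the Tcpip 4226 warnings discussed above and flags any "Event log service was started" (6005) entry with no preceding "stopped" (6006) entry, which marks a session that ended without a clean shutdown. The function names and the column-splitting rule (a tab, or two or more spaces) are assumptions made for this example.

```python
import re
from datetime import datetime

# Eight lines copied from the Event Viewer export in the first post (newest first).
SAMPLE = """\
5/19/2006    9:19:34 PM    EventLog    Information    None    6005    N/A    DESKTOP    The Event log service was started.
5/19/2006    9:14:43 PM    EventLog    Information    None    6006    N/A    DESKTOP    The Event log service was stopped.
5/19/2006    9:14:29 PM    EventLog    Information    None    6005    N/A    DESKTOP    The Event log service was started.
5/19/2006    7:58:32 PM    Tcpip    Warning    None    4226    N/A    DESKTOP    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
5/19/2006    6:09:16 PM    Tcpip    Warning    None    4226    N/A    DESKTOP    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
5/19/2006    5:14:16 PM    Tcpip    Warning    None    4226    N/A    DESKTOP    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
5/19/2006    4:46:09 PM    Tcpip    Warning    None    4226    N/A    DESKTOP    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
5/19/2006    4:12:01 PM    Tcpip    Warning    None    4226    N/A    DESKTOP    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
"""

COLUMNS = ("date", "time", "source", "type", "category",
           "id", "user", "computer", "message")


def parse_export(text):
    """Parse the export into dicts sorted oldest-first.

    Assumption: columns are separated by a tab or by two or more spaces,
    in the order shown in the post. The message (last column) is kept whole.
    """
    events = []
    for line in text.splitlines():
        fields = re.split(r"\s{2,}|\t", line.strip(), maxsplit=8)
        if len(fields) != 9 or not fields[5].isdigit():
            continue  # skip blank or malformed lines
        rec = dict(zip(COLUMNS, fields))
        rec["id"] = int(rec["id"])
        rec["when"] = datetime.strptime(
            f"{rec['date']} {rec['time']}", "%m/%d/%Y %I:%M:%S %p")
        events.append(rec)
    return sorted(events, key=lambda e: e["when"])


def summarize(events):
    """Count Tcpip 4226 warnings and list boots that followed an unclean stop."""
    hits = [e["when"] for e in events
            if e["source"] == "Tcpip" and e["id"] == 4226]
    unclean, last_state, seen_any = [], None, False
    for e in events:
        if e["source"] == "EventLog" and e["id"] in (6005, 6006):
            # A start (6005) with no stop (6006) before it means the previous
            # session ended without a clean shutdown, e.g. a hard reboot.
            # The first start in an excerpt counts only if earlier events
            # show the machine was already up and logging.
            if e["id"] == 6005 and (
                    last_state == 6005 or (last_state is None and seen_any)):
                unclean.append(e["when"])
            last_state = e["id"]
        seen_any = True
    return {
        "tcpip_4226": len(hits),
        "first_4226": hits[0] if hits else None,
        "last_4226": hits[-1] if hits else None,
        "unclean_starts": unclean,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_export(SAMPLE)).items():
        print(key, value)
```

On these lines the only unclean start is the 9:14:29 PM boot, which follows the afternoon's run of 4226 warnings; the 9:19:34 PM boot comes after a logged stop.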
 
You also have two antiviruses running.
Ditch one.

Does someone else have access to your computer?
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
 
I ended up reformatting to see if it helps. So far, so good, but it's only been about 30 mins. ;p

I'll try keeping the antivirus programs off for awhile - I had them installed previously, but kept most of their functions turned off and just used them for scanning when I needed to check (a) file(s).

As far as the WinPcap thing goes, I believe XBConnect installs that to communicate with my xbox for playing online. And no, nobody has access to this computer but me.

Thanks for the reply! :)
 
You can keep anti-virus applications on, and should. What he was referring to is that you shouldn't have more than one installed/running simultaneously, as it tends to cause problems.
 
Well after reformatting and setting everything up, I managed a night without a hitch. Then, about 5 minutes ago, it did it again. I have no idea what to do now. I only have one antivirus installed, and that's NOD32. Not much else has changed, I've only installed the essential programs at this point. I'd be grateful for any help anyone can offer at this point.
 
What model is the router? And how are you connected to the internet, DSL/Cable?
 
Linksys Wireless-G USB Network Adapter with SpeedBooster v2
Linksys WRT54G v5 Router

Wireless G connection with 128-bit WEP in Infrastructure mode.
Two computers connected to the router, the other is via CAT5 cable directly to the router.
 
I also noticed this when I did a quick scan of something with NOD32 during the memory scan...."Error occurred while scanning MBR sector of the 4. physical disk. Error reading sector."

NO clue what that means, but I wonder if it could be related?

A tidbit of info I forgot:
Seagate Barracuda 7200.7 (ST3160021A) 160 GB Internal HDD
 
Another discovery...while watching Windows Task Manager, I noticed two memory leaks:

One with WUSB54GSv2.exe (which is the software my wireless internet adapter uses) and one with btdownloadgui.exe which is BitTorrent T-0.3.7 (BitTornado).

I noticed this after my computer started becoming REALLY slow, so I checked the task manager and noticed my second btdownloadgui.exe was running at 99% CPU. I immediately closed it and performance returned to normal.

So I'm assuming that would most likely be the problem - two memory leaks in two things I use constantly. The only inconsistency is that this also occurs with Azureus and uTorrent, but I haven't had a chance to check them out yet. Come to think of it, I've had problems with the wireless program (Wireless Network Monitor, I assume) crash/hang/freeze/explode numerous times since day one.

Any theories or agreements as to this matter? If it is a memory leak, why do my settings for...ooh, revelation...internet-based applications reset and, in the case of firefox, make them frozen? And, if it is the memory leak and possibly the main problem being the Wireless Network Monitor...will it be possible to connect to the network without it? I'm a TOTAL network newb :\

EDIT: Alright, did some more research and disabled the Wireless Network Monitor service and enabled Windows Zero Config to see if that helps. We'll see what happens...

EDIT2: Another update I found...

Special note for users with Linksys WRT54G/GL/GS routers, there are severe problems with them when running any P2P app (read for fix)

The default firmware for Linksys (and all replacement firmwares except for one) have a severe problem where they track old connections for FIVE days, which causes the router to hang when using P2P apps, or any software that generates a lot of connections. DHT only aggravates the situation because of the number of connections it generates.
Linksys has yet to address this issue, but there is a fix. If you use alternative firmware, you can put in a start-up script to fix this problem. DD-WRT and HyperWRT support custom start-up scripts. ...

And then when looking for this firmware for mine...

NO 3rd Party Firmware exists for this model. the problem is the amount of RAM and the OS is VxWorks and not Linux.

if you want to use 3rd Party Firmwares, DO NOT BUY A WRT54G v5.
:( My assumptions have now redirected...as I'm at a loss as to what to do. It's too late to return the router and exchange it for something else...and they don't do firmware hacks for my v5...argh! I don't know what to do.

Anyone notice anything else that might be the problem? Heh.

EDIT3: Well, I did some more research and decided to buy a WRT54GL router and have the firmware ready to install when it arrives in (hopefully) 2-3 days. At least that'll scratch one thing off the list of possible problems - I wish I had done my research properly before I bought the WRT54G v5. Waste of money.
 