Cable modem, SMC router, several XP computers. Internet security software installed, running, and up to date. All Microsoft patches in place. Computers have been reliable until this. A couple of months ago one computer became much slower dealing with web pages, sometimes more than a minute to open a page. It looks like this might possibly be DNS resolution, but I cannot be certain. Other computers here do not show this. DNS addresses, etc. are the same on each computer. Computers and router and modem rebooted. No change. Help desk for the internet security software did a complete uninstall and reinstall and finally a new version. No change. Multiple scans done looking for any infections. Nothing found. Tried other reputable spyware scanners. Nothing found. Tried running the little executable from Microsoft to repair the net stack, I think. No change. Tried other browsers. IE8, Opera 10, Comodo Dragon all show the same very slow behavior on opening each page and item on the page. Tried speed test web pages and once the transfer starts the speed is not slow.So from all this I think I've eliminated possible causes outside this one computer.Is there a way I can track down and fix this with the minimum amount of ripping things up and making changes?Thank you

Have you tried clearing the DNS cache on the machine?Go to a command prompt and type "IPCONFIG /FLUSHDNS" see if that helps.If you disable, temporarily as a test, the Internet security software does that affect the speed? Which Internet security software are you running?How is the performance of the machine otherwise? Other apps run normally? How much RAM does it have? How much free disk space?Anything here useful: http://www.officeforlawyers.com/lawtech/tswin.htm ?-B- http://www.officeforlawyers.com Author: The Lawyer's Guide to Microsoft Outlook

Thank you.As you instructed I flushed the DNS cache. No change.Flushed browser cache and watched specific page load. I temporarily disabled the security package. Exited browser, brought it back up, flushed cache and watched same page load. There might be a very slight increase in speed with this disabled, but the long latency for each page and item on a page is still clearly there. Was NIS 2009. Had been using NIS for at least 3 years. Went through help with them. Now NIS 2010. Turned security back on.I just ran a little factorization benchmark I've had for may years which is only cpu intensive. Speed is as good as it was years ago.All other apps run just fine. 1 gig memory. 4 gig free space out of 19 gig in the partition that I use. Been about that for a very long time.The change in browser speed was sudden and dramatic. No wave of new installs, very rarely anything new installed. No changes to the network configuration. So I don't tend to think that the web page suggesting there isn't enough memory or there are a decade of accumulated fragments likely explains this. As I said when I first posted, all the Microsoft bug patches are in place. But I don't believe this happened immediately after a bugpatch Tuesday. I would have watched for and recognized that. I ran ccleaner and superantispyware and other legitimate scanners, nothing found and no change. I'll dig through Kelly's stuff and see if I find anything, but starting down his list gives the impression most items don't seem relate to this.It is just my guess but I'm thinking something to do with networking broke suddenly. The behavior is very consistent since then.Thanks for any suggestions

How is this machine connected? Wired? Wireless? Static IP address or dynamic? -B- http://www.officeforlawyers.com Author: The Lawyer's Guide to Microsoft Outlook

Everything is wired. No wireless enabled. From the computers to the router everything has a static ip address. From the router to the modem is DHCP. Have not made any change in the addressing in perhaps 6-8 years.Thank you

O.K. Couple things to try:1. Try changing the static IP address on the affected machine.2. Try taking the affected machine to a different desk and plugging in at a different cable. You might also try taking a machine that's fine and plugging it into the affected desk.See if either of those things make a difference. -B- http://www.officeforlawyers.com Author: The Lawyer's Guide to Microsoft Outlook

Excellent ideas. Why didn't I already try that?!?!As instructed, changed address from 192.168.2.2 to 192.168.2.7. No change.As instructed, gently disconnected the network cables from the computer ends of two machines and swapped those. No change.Then gently disconnected the network cables from the router ends and swapped those. No change.Thank you

Hmm...well that takes care of most of the obvious things. How are internal network operations? Have you tried transferring a large file from this machine to a server or other workstation inside the office? Compare the same file transfer to one of the other machines?If you ping your router from the affected machine how's the latency? Does this machine have a HOSTS file in use?-B- http://www.officeforlawyers.com Author: The Lawyer's Guide to Microsoft Outlook

Internally I can ftp large files at between 3 and 6 Mbytes/second, it varies some but doesn't appear obviously different for this one compared to the others.Ping time from any machine to the router is consistently 0ms with no latency at startup.Ping time from any machine to an outside service we use is consistently 51-55ms. But on the slow machine there is very commonly 8 seconds or more latency before ping shows any progress. The other machines do not show that. With the slow machine pinging ip address instead of domain name the 8 second or more latency appears gone. So this again seems to point at DNS as the culprit.Yes there is a HOSTS file. About 3 dozen 127.0.0.1 entries, looks like they are all notorious ad banner pushers.

Same HOSTS file on all machines?If you PING your DNS service by IP address from the affected machine is it still noticeably slower than one of the working machines?Do you have an internal server for DNS or just public servers?What kind of firewall are you behind? SonicWall? SnapGear? Something like that? -B- http://www.officeforlawyers.com Author: The Lawyer's Guide to Microsoft Outlook

Ping by by ip address gives the same round trip time for all machines. Ping by any domain name gives 8 to as much as 30 seconds latency before printing the first line of output on the affected machine and 0 seconds on the working machines, but the latency does not change the round trip time and it is the same as ping by IP address.Have been given several different directions for DNS, "Use your ISP DNS" versus "Use your router gateway address" versus "Use 4.2.2.1" The affected machine had been perfectly happy for lots of years using the second of those. When this problem started I thought something in that might have broken so I switched that to 4.2.2.1 like the unaffected. No change.Firewall turned on in the SMC Barricade 7004VBR and NIS firewall running on each machine, all identical installs a week or so ago.HOSTS files on most of the unaffected machines is ~250kbytes dated 9/2008 which probably means that was put in place by NIS then, filled with scum domains. HOSTS file on the affected machine is 3 dozen lines and has a newer date, unknown source or history. So I copied a HOSTS from unaffected to affected, rebooted. No change.

Out of any other ideas I went into Best Buy and begged two minutes of time from one of the techs. I explained everything that had been done. He said he expected that the event logs would be filled with errors and timeouts. I thanked him for the thing to check. I came back, found that the event logs on the slow machine had apparently been corrupted or the event system jammed long ago. I purged the logs, stopped and restarted the event system. Now it is logging events.There is one system error with IPSEC services terminated because authentication service is unknown.There are three application information about HHCTRL Event ID 1904 LinkID=45840 which is perhaps related to the emergency patch directions a few months ago to remove a key to disable remote management because of a security hole. A week or two later a bugpagch Tuesday had an update and that was installed. I never saw any instructions about whether to put the registry key back before or after the update. And I don't know whether that is related to the long DNS delays.Anyone have any other ideas what I can do to get this fixed?Thank you

IPSEC services? Are you using an encrypted VPN?If you click Start | Run and type "services.msc" in the run box, then click OK it will open the Services list.Check the IPSEC service and see if it's set to start Automatically, if it's currently started or what.If it's started, try stopping it. See if that helps. -B- http://www.officeforlawyers.com Author: The Lawyer's Guide to Microsoft Outlook

Not using encrypted VPN.As instructed, checked IPSEC service. It is set to Automatic and currently stopped.So no change there.Thanks for any help

Not using encrypted VPN.As instructed, checked IPSEC service. It is set to Automatic and currently stopped.So no change there.Thanks for any helpI'd change it to "Manual" start, then reboot and test. You shouldn't need it and it could be interfering. -B- http://www.officeforlawyers.com Author: The Lawyer's Guide to Microsoft Outlook

Did as you instructed, ran services.msc, set IPSEC Services to manual, exited, ran it again to confirm it was set to manual, rebooted, checked again to confirm it was still set to manual. The system IPSEC error logged once each boot is gone now. But the 10-30 second delay in DNS remains. Once boot is finished there are no events logged for hours. Thanks for trying. Any other ideas?

I ran out of any other options and nobody had any other ideas.So I followed directions carefully, created a slipstream SP3 CD using http://www.howtohaven.com/system/slipstream-xp-service-pack-3.shtmlThen I did a Windows Repair install using http://michaelstevenstech.com/XPrepairinstall.htmAfter that I cleaned up some puzzling problems, the result claimed to be SP1A, not SP3 even though I've triple checked everything to make sure it was correct, in fact I used exactly the same SP3 file to create the slipstream that I applied afterwards to get it from SP1A to SP3. Then I installed IE8, installed the 75 post-SP3 Windows updates and the system appears functional now.BUT the slow DNS problem is the same as it was before I did this. Ping domain name from a cmd prompt still takes 8-20 seconds before it displays anything while ping IP address responds instantly. And this same DNS delay is demonstrated with the web browsers, web pages are instantaneous with an ip address and 8-30 seconds with a domain name. Nslookup has no delay looking up domain names.What problem can persist through a repair install? Is there anything else, other than reformat and reinstall, to try to fix this problem?If need be I can toast a fresh slipstream and repeat all this to see if it will have no errors next time.What if I deleted the network connection, deleted the network driver (ethernet is integrated onto the old ECS motherboard. I think I finally found the CD that came with the board and vaguely remember it being important to have the drivers from that CD for those boards) somewhere before or during or after I re-run the slipstream SP3 I put back the network driver from the CD, let Windows rediscover the network. Is there a good chance this would fix the problem?I do understand that every fumbling attempt to fix anything always includes a significant probablility that something else is being broken in the process, you may not even notice this, and figuring out what was broken and how to fix that is very questionable, and trying to fix that will likely break something else...Thanks

I ran out of any other options and nobody had any other ideas.So I followed directions carefully, created a slipstream SP3 CD using http://www.howtohaven.com/system/slipstream-xp-service-pack-3.shtmlThen I did a Windows Repair install using http://michaelstevenstech.com/XPrepairinstall.htmAfter that I cleaned up some puzzling problems, the result claimed to be SP1A, not SP3 even though I've triple checked everything to make sure it was correct, in fact I used exactly the same SP3 file to create the slipstream that I applied afterwards to get it from SP1A to SP3. Then I installed IE8, installed the 75 post-SP3 Windows updates and the system appears functional now.BUT the slow DNS problem is the same as it was before I did this. Ping domain name from a cmd prompt still takes 8-20 seconds before it displays anything while ping IP address responds instantly. And this same DNS delay is demonstrated with the web browsers, web pages are instantaneous with an ip address and 8-30 seconds with a domain name. Nslookup has no delay looking up domain names.What problem can persist through a repair install? Is there anything else, other than reformat and reinstall, to try to fix this problem?If need be I can toast a fresh slipstream and repeat all this to see if it will have no errors next time.

Wow, you are one tenacious dude for hanging in there all this time!I find your statement interesting that a "ping" takes 8-20 seconds whereas a nslookup is instantaneous. The order in which a IP Host name is resolved is summarized in:"Microsoft TCP/IP Host Name Resolution Order" < http://support.microsoft.com/kb/172218 >The difference between a normal DNS lookup and using the "nslookup" program is that the nslookup program skips directly to sequence #3 (network dns request) in the above article without even considering #1 (self) and #2 (hosts file).Your "hosts" file (usually located in c:\windows\system32\drivers\etc\hosts) only needs to haveone line present, and that is the line: 127.0.0.1 localhostIt may be time to bring in the big guns. Download and install the freeware "Wireshark ". It will display all packets going in and out of your machine. Start it up and watch the packets go back and forth when you do a ping or nslookup. Look at sources, destinations, and relative timing of the packets as well as the host name being looked up. Perhaps this will reveal something. At a minimum it will show you at what step your delays are occurring at.HTH, JW

At this point it probably wouldn't hurt to install and run CCleaner (Free; http://www.piriform.com/) and have it run it's application and registry cleaning. It's a shot in the dark but worth a try.The Wireshark suggestiong is a good one.Another thing you could do is run TRACERT on the bad machine and a good one to see if there is any difference.Jump to a command prompt and type:tracert microsoft.com(or any site) See what it says about latency and the route the packets take. -B- http://www.officeforlawyers.com | http://www.onenote-tips.com Author: The Lawyer's Guide to Microsoft Outlook

I had already run CCleaner before I made the first posting here. And I did that again after I did the SP3 slipstream. It found a little litter but didn't appear to find anything significant and nothing changed in the behavior afterwards.Now as instructed, I booted each machine, killed off any startup applications, waited for them to stabilize and then rantracert microsoft.com > log.txton the fast and the slow machine, one after the other, not both at the same time and not having any of the other machines with network traffic. This shows differences of at most a millisecond or two, less than 1ms to the router, 10ms to get out to the provider, 20ms to get to the backbone, 30ms to get to MSN in both the fast and slow log files. Both fast and slow are taking exactly the same path to get there. I then repeated the tracert on both and the results in the log files were unchanged.Then I rebooted and repeated all this, but without redirecting the output into a log file and just watched. On both fast and slow there is perhaps 8 seconds latency before the first output line and the results are still identical. When I then do tracert again on the fast machine there is zero latency before the first line output while on the slow machine there is the same 8-12 second latency every time every time I do this. So it looks like the fast machine is caching dns information and doesn't have to look this up every time while the slow machine apparently has to start from scratch every time.tracert 207.46.197.32has 20 seconds latency on fast and slow machines, probably due to multiple dns lookups, but the results are the same as when using domain names.So this again appears to point clearly at a dns issue, which was what I said when I first posted more than a month ago.With these results does it still look like wireshark is likely enough to provide the answer that I should add that to the mix? Or is there anything other than reformat and reinstall that can fix dns?Thanksp.s. A Google forXP repair dnsled me tohttp://www.tweaksforgeeks.com/RepairDNS.htmlwhich claims thishttp://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtmlhas fixed his problems every time and which leads towinsockfix.exeWhen all scans claimed that was clean I tried it.Ping stopped working, nslookup stopped working, tracert stopped working, browser stopped working. I thought it had killed the networking on the box. Finally I figured out that it had decided to substitute DHCP, which leads nowhere here, for my static IP, which will work, replaced my 250kbyte adblocking HOSTS file with a single line for localhost, changed other things in the TCP/IP settings and I don't know what other damage it did. I finally figured this out and put the addressing back. And the original problem remains unchanged. I would not recommend winsockfix.exe to others.p.p.s It is worse than I thought. At first I thought I was just imagining this. But either WinSockFix slowed the connection down to the point where web pages repeatedly refuse to load before timing out or it has reset some timer somewhere to force these to fail.

I had already run CCleaner before I made the first posting here. And I did that again after I did the SP3 slipstream. It found a little litter but didn't appear to find anything significant and nothing changed in the behavior afterwards.Now as instructed, I booted each machine, killed off any startup applications, waited for them to stabilize and then rantracert microsoft.com > log.txton the fast and the slow machine, one after the other, not both at the same time and not having any of the other machines with network traffic. This shows differences of at most a millisecond or two, less than 1ms to the router, 10ms to get out to the provider, 20ms to get to the backbone, 30ms to get to MSN in both the fast and slow log files. Both fast and slow are taking exactly the same path to get there. I then repeated the tracert on both and the results in the log files were unchanged.Then I rebooted and repeated all this, but without redirecting the output into a log file and just watched. On both fast and slow there is perhaps 8 seconds latency before the first output line and the results are still identical. When I then do tracert again on the fast machine there is zero latency before the first line output while on the slow machine there is the same 8-12 second latency every time every time I do this. So it looks like the fast machine is caching dns information and doesn't have to look this up every time while the slow machine apparently has to start from scratch every time.tracert 207.46.197.32has 20 seconds latency on fast and slow machines, probably due to multiple dns lookups, but the results are the same as when using domain names.So this again appears to point clearly at a dns issue, which was what I said when I first posted more than a month ago.With these results does it still look like wireshark is likely enough to provide the answer that I should add that to the mix? Or is there anything other than reformat and reinstall that can fix dns?Thanks

I had already run CCleaner before I made the first posting here. And I did that again after I did the SP3 slipstream. It found a little litter but didn't appear to find anything significant and nothing changed in the behavior afterwards.Now as instructed, I booted each machine, killed off any startup applications, waited for them to stabilize and then rantracert microsoft.com > log.txton the fast and the slow machine, one after the other, not both at the same time and not having any of the other machines with network traffic. This shows differences of at most a millisecond or two, less than 1ms to the router, 10ms to get out to the provider, 20ms to get to the backbone, 30ms to get to MSN in both the fast and slow log files. Both fast and slow are taking exactly the same path to get there. I then repeated the tracert on both and the results in the log files were unchanged.Then I rebooted and repeated all this, but without redirecting the output into a log file and just watched. On both fast and slow there is perhaps 8 seconds latency before the first output line and the results are still identical. When I then do tracert again on the fast machine there is zero latency before the first line output while on the slow machine there is the same 8-12 second latency every time every time I do this. So it looks like the fast machine is caching dns information and doesn't have to look this up every time while the slow machine apparently has to start from scratch every time.tracert 207.46.197.32has 20 seconds latency on fast and slow machines, probably due to multiple dns lookups, but the results are the same as when using domain names.So this again appears to point clearly at a dns issue, which was what I said when I first posted more than a month ago.With these results does it still look like wireshark is likely enough to provide the answer that I should add that to the mix? Or is there anything other than reformat and reinstall that can fix dns?Thanksp.s. A Google forXP repair dnsled me tohttp://www.tweaksforgeeks.com/RepairDNS.htmlwhich claims thishttp://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtmlhas fixed his problems every time and which leads towinsockfix.exeWhen all scans claimed that was clean I tried it.Ping stopped working, nslookup stopped working, tracert stopped working, browser stopped working. I thought it had killed the networking on the box. Finally I figured out that it had decided to substitute DHCP, which leads nowhere here, for my static IP, which will work, replaced my 250kbyte adblocking HOSTS file with a single line for localhost, changed other things in the TCP/IP settings and I don't know what other damage it did. I finally figured this out and put the addressing back. And the original problem remains unchanged. I would not recommend winsockfix.exe to others.p.p.s It is worse than I thought. At first I thought I was just imagining this. But either WinSockFix slowed the connection down to the point where web pages repeatedly refuse to load before timing out or it has reset some timer somewhere to force these to fail.p.p.p.s So let's see if System Restore will back out of this failed winsock "fix." And I find every system restore point made since the SP3 slipstream repair install say "System restore cannot complete for xxx. Choose another restore point. No changes were made." THis just makes me repeat what I wrote several messages ago, "I do understand that every fumbling attempt to fix anything always includes a significant probablility that something else is being broken in the process."

One person outside this forum, and with no obligation to do so, went way beyond what was expected. He read my description of the problem, did some searching and found that someone else had reported a very similar problem with ping having a long latency. Even better, he found a solution had been discovered in that case.What was found was that the Remote Access Auto Connection Manager service may be running in the background. If that is running it appears to somehow interfere with DNS caching and/or create long latencies in ping and perhaps other things.So I ran services.msc and discovered that this service was set to Automatic and had been started. I stopped the service and tried both Manual and Disabled. It appears that, even without rebooting the computer, if this service is stopped or not running that the very first DNS request for a domain name is reduced from my previous 8-10 seconds down to about 4-5 seconds and subsequent requests for the same domain name are reduced from 8-10 seconds to about 0 seconds. And I can cause the same latency if I start that service again.So this looks like it has fixed some or most of my original problem that started a few months ago. Some things are faster now. But I'm not certain that it fixes it all and I'm not certain there were other things broken at the same time months ago.He also recommended testing this in Safe Mode with Networking. That too is faster, but I have not been able to conclusively determine yet whether Safe Mode with Networking is faster or slower than regular mode with the service turned off.Also this does not fix the problems that I believe I introduced yesterday by trying winsockfix.exe described in a previous message. I'm still seeing some pages timing out in web browsers, even with the RAACM service turned off now, and that was not the case before yesterday's winsock "fix." As I reported in my first posting, a month ago I had done a winsock "fix", I believe from Microsoft or pointed at by by one MVP's web pages, and it didn't appear to fix the problem or break anything, but unfortunately I cannot locate exactly which webpage that was on now.So are there any other suggestions to help track down and fix any remaining problems with this?Thanks

The event system apparently, at least as I have things configured now, doesn't appear to log changes to the state of the Remote Access Auto Connection Manager and doesn't log who might be using this service. Is there some monitoring gadget out there somewhere that would log events for changes in services and who is using the services? I'm wondering if something snuck in somehow, got RAACM enabled and started and is now using that to phone home. And I'm wondering what else might be changing behind the scenes that I don't even know about yet.Thanks