Everything posted by bobbonomo

  1. I shut down hard then restarted the machine. I populate my ISP's DNS cache by going to the test page. My testing: All this time FF prefetch is disabled. I close FF before each test.
     1) With OA on I clear the FF cache and Win7 DNS cache and hit the test page: 1 minute 45 seconds
     2) I turn OA off, clear the FF cache and Win7 DNS cache again and do the test: 15 seconds
     3) I turn OA on but this time the FF cache is still loaded and so is the Win7 DNS cache: 1 minute 25 seconds
     While there is Internet activity the OAsrv.exe is at ~50%
  2. Those are load times re-starting from a hibernate 3 days ago. A Big EMSI update occurred a bit before since the computer had been off 3 days. I also made sure there was no MS update coming in. I can retry from a boot but will bet a Guinness it changes nothing.
  3. Here are the results of an unscientific test (only the wall clock used). I hit http://blog.emsisoft.com/2014/07/31/emsisoft-runs-4-month-malware-protection-marathon-at-av-comparatives-finishes-first/?ref=newsbox_news140805&utm_source=software&utm_medium=newsbox&utm_content=news140805&utm_campaign=newsbox_news140805 This will fill my ISP's DNS with the required entries. My testing: All this time FF prefetch is disabled. I close FF before each test.
     1) With OA on I clear the FF cache and Win7 DNS cache and hit: http://blog.emsisoft.com/2014/07/31/emsisoft-runs-4-month-malware-protection-marathon-at-av-comparatives-finishes-first/?ref=newsbox_news140805&utm_source=software&utm_medium=newsbox&utm_content=news140805&utm_campaign=newsbox_news140805 1 minute 30 seconds
     2) With OA on I clear the FF cache and Win7 DNS cache again and hit the same page again: 1 minute 45 seconds. This is close
     3) I clear the FF cache and Win7 DNS cache again and hit the same page but this time with OA off: 15 seconds
     4) I turn OA on but this time the FF cache is still loaded and so is the Win7 DNS cache: 1 minute 20 seconds
     5) I do the same test 4 again: 1 minute 20 seconds
     6) As a last test I repeat test 1 above and get 1 minute 35 seconds
     While there is Internet activity the CPU meter is at 50%. I define totally finished in post 33 above. I believe this eliminates DNS activity as a reason for slowness.
  4. This just struck me. I agreed with the statement below: Now what if that were the problem. Instead of idling it is looping while waiting to process stuff.
  5. I'm not 100% sure about the DNS-related thing. It does not fix the problem entirely. Explanation: I notice this slowness on a local static page (file://) produced by my web statistics program. How could this be, I said. Ah yes. In my reports there are referring URLs and FF does a prefetch for each one. Disabling prefetch did fix this specific problem totally. Using this link from this forum's blog with a cleared cache (FF) it took 2 minutes 45 seconds to totally finish. 45 seconds before anything appeared on my screen. ~45 seconds without OA http://www.wired.com/2014/07/hacking-google-maps/ When I say totally finished I mean that I look at the status line at the bottom of FF where I see what URL it is fetching. When that stops I call it finished. So yes DNS activity. Lots. Hmmm! So I should perform more testing to validate or not this DNS theory. Unlike haiku above, OA drops to zero when there is no Internet traffic so his problem is of a different variety. I always have the CPU meter running.
  6. I have a similar thread running on this forum. As a temporary measure I have disabled DNS prefetch in Firefox. Not sure how to do it in other browsers. The other thing I want to mention is that when I first noticed this "problem" I saw a $ sign on the OA icon. I had never turned on banking mode. Coincidence or clue? Unknown. Agreed on this.
  7. I did the same test today (link below) with a cleared cache (FF) and it took 2 minutes 45 seconds. 45 seconds before anything appeared on my screen. http://www.wired.com/2014/07/hacking-google-maps/
  8. Post 4 above should read: I only see this while surfing. I can see it taking a little longer since OA has to process all the traffic inbound but from 40 seconds to a little under 5 minutes is NOT "a little". I will do the same test a little later. Today I was able to log in to this forum.
  9. The Wireshark test gives too much data. I have closed all applications but monitor OA means what? I use Process Explorer instead of the task manager and OAsrv.exe is at 50%. If there were MS services interaction it would show activity. 50% only if http traffic. FTP does not seem to affect. The real test is a page like this from their blog: http://www.wired.com/2014/07/hacking-google-maps/ I used FF with a cleared cache and the status bar on so I can see which URLs it is accessing. About 5 minutes before this status bar shows no activity with OA on. About 40 seconds without OA on. On this computer with Norton 360, about 40 seconds. Conclusion: OA. Maybe I never noticed this before but doubt it. My Process Explorer meter is always on. I would have noticed a steady 50% before. Since yesterday the Internet on that computer is not usable.
  10. Just reading this forum and your blog keeps the oasrv.exe at 50%. Feels like I'm using a Pentium 1. Clicking a link on your blog to a Wired article takes over 2 minutes to come in. It's been over 5 minutes and the wheel is still turning and 50%. With OA disabled I used IE to get the same Wired article and it was just ~15 seconds.
  11. Today this oasrv.exe 50% problem hit me after being away from the computer for a few hours. (So Emsi updates would have come in.) It seemed I could not go to any site then I noticed I was in "Bank mode" which I did not set. Set it back to standard. Disabled/Enabled OA. Rebooted too. It seems that whenever there is any traffic oasrv.exe goes to 50% (IE or FF). I could not even log in to this forum. At times the network icon showed no network. I am on another PC now so it is not my network. Disabling OA makes the PC operate like it did early this morning. Smells like traffic is being blocked somewhere. So bad the PC thinks the network is down. Read the thread above about debug on. Will try that. Will try with my Wireshark on just to see if traffic is coming back from the Internet.
  12. You will find that there is a service "svchost -l LocalServices" started in your machine. This starts W32time amongst others. I have a corresponding entry in Online Armor in the autoruns section that is allowed and trusted. I did not put it there. It came with the system. How far off is your clock that you need to sync up? I once noticed that if you are really off, the time server won't sync. But I mean really off. What NTP server do you try?
  13. It's implemented as a Windows service called W32Time. There should be no need to do anything to make it work. Online Armor is smart to know what this is. A command line program to play with time is w32tm.exe. No firewall I have ever tried or used ever needed to do anything for time synchronization to work. I presume you mean time synchronization to an Internet NTP server like time-nist.gov or time.windows.com
  14. Unless you are connected directly to the Internet without a router/firewall type device like a Linksys or D-Link etc, this reflects the status of the router. I presume that you are like most and have this router/firewall between your computer and the Internet. I would log on to the router and see if it is doing some sort of port forwarding and to which IP. The fact that they are closed is good. GRC probed and probably got a closed response. NOT good. By default all those ports are blocked by any firewall that I have ever heard of. As a matter of fact all unsolicited incoming traffic is blocked by default or else it is not a firewall but just a router. Ports are opened automatically by the firewall in response to an outgoing request to an Internet IP but only for the return traffic from that IP. Or it is opened by configuring the FW to let it through.
  15. OK found the hit list. antimalware/guard/host rules
  16. OK I was going to look into that later but it seems you did it for me. The real question is why Google Norway and Singapore are on their hit list. Am new to this product so am not sure if I can get a look at their hit list. True but the software is there to protect me. It should. That's why I bought it. Not for the common user faint of heart this software. The network.prefetch-next is set to true. Turned it off. We will see. IE does not do this.
  17. Sorry to post on an old thread but I get this too for google.no and google.com.sg. Verified in Guard surf protection and it's Firefox. I'm pretty sure FF does a DNS check for URLs it finds on a webpage (to speed things up) and it happens when I look at my web stats. I get traffic from both these sites. I also saw one for ietf.org which seems to be obsolete now. I don't get traffic from there but surfed to a page that had a link to there and checked. I can see that as suspicious but Google Norway and Singapore?