Just wanted to make sure there's no holes in what I'm thinking before I start poking around. I've had an issue with Internet speeds the last few days. The problem affects both PCs and my mobile in our house, but ONLY occurs when the main PC is on. When it's off, or not connected to the router (it connects via Ethernet), everything is fine.
At the moment I'm on the main PC using an Ubuntu Live CD and again everything is tickety-boo.
Is it reasonable to assume then that the problem lies within Windows, either being a driver or software issue? I don't see any point in checking the PC's innards as surely any problem there would also affect Ubuntu. And I can't see it being any external factor such as inteference as again that would be affecting me now.
Am I right? Or have a missed something?

Thanks!

Brigs

I'd be looking for spyware or something else nasty on the main PC first.

Aye, something of the malwarey nature what was I was expecting though. Annoying little bugger tho - it takes my bandwidth down to sub-56k levels for about 25 minutes, then gives me normal speeds for about 7 minutes. Regular as clockwork.

On the main PC open a command prompt then do 'netstat' and post the results. Best to do it with no other programs running and when your connection is on a go slow.

Hmph. Hate it when this happens. Back on main Windows now, having had this problem for about 3 days. Now everything seems normal again, but lingering suspicion that something's not quite right.

Yeah, sounds like something within windows is hammering your bandwidth.

If you do netstat with the -b option it'll also tell you what executable is creating the connection. Running it with the -a option also lists any listening ports, rather than just those who are actively receiving.

If you add the -B switch it's probably best to pipe the output to a text file as it makes it difficult to read on screen (and it's worth piping it to a text file if you don't have a large screen buffer on your CMD window too).

K it's happening again...here's the netstat (wrapped in code to make it easier to read):

Proto Local Address Foreign Address State PID
TCP 192.168.0.4:49293 baymsg1010719:msnp ESTABLISHED 4692
[wlcomm.exe]
TCP 192.168.0.4:49305 tcpep:https ESTABLISHED 3268
[MOE.exe]
TCP 192.168.0.4:49383 enclosure:https FIN_WAIT_1 3268
[MOE.exe]
TCP 192.168.0.4:49385 accounts:https ESTABLISHED 3268
[MOE.exe]
TCP 192.168.0.4:49387 enclosure:https ESTABLISHED 3268
[MOE.exe]
TCP 192.168.0.4:49388 enclosure:https ESTABLISHED 3268
[MOE.exe]
TCP [::1]:2048 Nick-PC:49386 ESTABLISHED 4
Can not obtain ownership in formation
TCP [::1]:49380 Nick-PC:2048 TIME_WAIT 0
TCP [::1]:49386 Nick-PC:2048 ESTABLISHED 2620
[WLSync.exe]


I know there's not much there but I hadn't had the pooter on very long. MOE is apparently Windows Live Mesh btw.

Looks pretty clean. Next time, shut down Live Mesh while it's happening.

Download hijackthis and post the report here