Re: Unanswered Question Asked By Many

From: Eric (none_at_death.to.spammers.now)
Date: 12/02/03


Date: Mon, 1 Dec 2003 23:47:24 -0500

Yeah, disabling fxssvc.exe was one of the earliest things I did try.

Something else that I forgot to list, but only remembered when reading
someone else's post with the same exact problem, is that when these symptoms
appear there is a SVCHOST process running at 99 percent. I've been waiting
for the symptoms to re-appear, of course now that I WANT them to they won't,
so I can start shutting down different services from services.msc and see
which are linked to that SVCHOST process. That and the mysterious entry in
the history log are what I am now focusing on.

Thanks

-Eric

"Kelly" <kelly@mvps.org> wrote in message
news:uA6Pik9tDHA.2248@TK2MSFTNGP09.phx.gbl...
> Hi Eric,
>
> Suggestions:
>
> Go to Start/Run and type in: services.msc
> Scroll down to Fax and choose Properties.
> Choose Disable or Manual.
> From there in Task Manager: fxssvc.exe should not be running.
>
> --
> All the Best,
> Kelly
>
> MS-MVP Win98/XP
> [AE-Windows® XP]
>
> Troubleshooting Windows XP
> http://www.kellys-korner-xp.com
>
> Repair/Customize Quick Launch, Taskbar and Notification Area
> http://www.kellys-korner-xp.com/taskbarplus!.htm
>
> Registry Edits, Tips and Tricks for XP
> http://www.kellys-korner-xp.com/xp_tweaks.htm
>
> "Eric" <none@death.to.spammers.now> wrote in message
> news:vslbsqkhv6566b@corp.supernews.com...
> > I apologize for cross-threading, but having done deja and google
> > searches I found that this question has been asked by many but still
> > remains completely unanswered. From my searches and reading, it appears
> > that the nature of this particular problem is somewhat widespread and
> > common, however nobody as of yet has found a clear solution. I believe
> > the newsgroups that I posted this to are appropriate and I wanted to
> > ensure that it achieves maximum proliferation in case someone knows of
> > a solution. If, for any other reason, then perhaps someone in the
> > future will come across the solution through a deja search.
> >
> > I've been working every angle I can possibly think of to find a
> > solution to this problem, but have only achieved working myself in full
> > circles. I will describe each angle I took to find a solution. I will
> > also note specific software installed that may be giving this problem,
> > perhaps when others read this they will begin to see a pattern with
> > specific programs installed.
> >
> > The problem itself seems simple enough: "WinXP internet connections
> > freezing up while using dialup modem connections"
> >
> > The symptoms: internet communication locks up completely, no traffic
> > can be received or transmitted. The dialup internet icon in the taskbar
> > (little two terminal looking icon) no longer responds to left or right
> > mouse clicks. Only solution is to shut down WinXP and reboot. Sometimes
> > while shutting down, a dialog window appears stating that
> > "HiddenFaxWindow" can not shut down properly and must be manually
> > ended. Regardless, after this problem occurs, during the shutdown WinXP
> > can only make itself to the "Saving User Settings" screen and
> > afterwards requires a physical reset. Interestingly, this problem only
> > presents itself while using a dialup internet connection -- it doesn't
> > present itself when only using broadband or wireless connections.
> >
> > Course of action I have tried:
> >
> > 1. Obviously, the first thing I looked for was any fax (Microsoft or
> > third party) software that may be giving the problem. The only third
> > party software I had installed was "FaxTalk NetOnHold", which operates
> > both as faxing software and a "modem on hold" software interface for my
> > v.92 dialup modem. This, of course, was the prime suspect. However, I
> > seem to recall having this problem before I installed FaxTalk. I did,
> > however, completely remove FaxTalk just to ensure it wasn't the
> > culprit. When I installed it, Norton CleanSweep monitored the
> > installation and I used CleanSweep to remove it completely. I also hand
> > searched the registry to ensure that no entries were left behind, along
> > with hand searching to ensure that all directories and files associated
> > with it were also removed. They all were. Searching through FaxTalk's
> > support web site and also specific searches on web/usenet revealed no
> > known problems with FaxTalk and dialup internet freezing up.
> >
> > 2. Next suspect was perhaps Lucent's "Modem on Hold", however I had
> > previously uninstalled it completely and cleanly to make certain there
> > would be no conflicts with FaxTalk. I ensured that there was nothing of
> > it left laying around in the registry or drive.
> >
> > 3. With that out of the way, my next suspect was perhaps network
> > protocols. I removed, re-installed, and ensured I had the most current
> > TCP/IP. With wireless and broadband working fine, I didn't really think
> > this was the problem but figured it couldn't hurt.
> >
> > 4. I read that WinXP's built-in firewall can sometimes cause conflicts
> > when you have another firewall in use. I have Norton's firewall. I
> > ensured that XP's firewall was disabled for dialup connections, but the
> > problem continued.
> >
> > 5. I read on Microsoft's support web site that DirectX 9.0b causes
> > conflicts with XP's firewall and Microsoft Instant Messenger. While I
> > don't have Microsoft IM load on boot, I did check out my DirectX. I
> > have DirectX 9.0a installed, which (based on Microsoft support
> > knowledge base), fixed the conflict problems that DirectX 9.0b had.
> >
> > 6. I begin to expect malware as a possibility. I keep my virus scanner
> > (Norton) continuously updated and frequently do full system scans. I
> > did another full scan, regardless, and it had negative results. I also
> > scanned completely for spyware, using Ad Aware. Nothing beyond
> > Doubleclick cookies were found. Still not completely convinced, I even
> > scanned it with different virus scanners and spyware scanners --
> > thinking perhaps it might've been possible that malware could've
> > attacked Norton or Ad Aware. To do these scans, I scanned the problem
> > PC (laptop) over my wireless network using scanner software physically
> > running on a different machine. No results are found.
> >
> > 7. More web searching leads me to start believing that the "Mofei" worm
> > may be a possibility since some of the symptoms are similar. I see no
> > footprint of this worm, however. Looking at the registry by hand shows
> > no footprint related to this worm being installed, nor do any system
> > files. The system file /windows/system32/scardsrv32.exe is a footprint
> > of this worm, however it wasn't in the directory. I did have a few
> > files in that directory that initially caught my attention
> > (scardsrv.exe, scardssp.dll) mainly because of their file version
> > number (ver: 5.1.2600.0 -- that '2600' caught my eye), but after doing
> > some searching against at Microsoft I discovered that these files
> > (Microsoft Smart Card Service Manager) and the version number were
> > legit. To be absolutely sure, I even did a checksum comparison between
> > these files in my directory and known legit files. They checked out
> > fine.
> >
> > 8. Running "Event Viewer" (/start/Control Panel/Administration
> > Tool/Event View) raises a few questions. Looking at the Security Log,
> > some questions are raised. I don't believe these are related to this
> > specific internet freezing problem though, but they still kind of bug
> > me. In the log, many entries have been (and continue to be) logged for
> > unsuccessful logon attempts by an "advapi" process. Reason for
> > unsuccessful logon attempts is "unknown user name or password". I had
> > read that this isn't anything major to fret over and have read that
> > this might be caused by the "Administrator" account name being changed.
> > After installing WinXP (full scratch install), I had initially selected
> > "Administrator" for the administrator account name during the setup
> > process, but later changed it to a different name. I wonder if this
> > could be why I am seeing all these log entries and if I could/should
> > change something to clear them up. (WinXP wouldn't let me change the
> > administrator account name back to "Administrator", it says it's
> > already in use. From what I read, the names "Administrator", "Guest",
> > etc can't be used for account names. I suppose this holds true even if
> > you had changed the administrator account name from "Administrator" and
> > want to revert back to that name?) I'll hold these questions for later
> > though.
> >
> > 9. Running msinfo32.exe raises my most alarming question. In the system
> > history log, there is sometimes an entry for a program that is being
> > added and then immediately removed. The syntax used when it is added is
> > "[program].exe \install". (The "\" might have been a "/", can't
> > remember off-hand which slash it was.) After it is added, it is
> > immediately removed. The reason why I didn't give a name for
> > "[program]" is because I can't, using normal ASCII text here! The name
> > of this program is about four (or five) special characters, at least
> > two appearing as a "y" with an accent mark over it. This, of course,
> > raises grave concern of stealthy malware somewhere. I have no idea on
> > how to do a file search for a filename with these special characters.
> > As far as I knew, I didn't even think a filename could contain them?
> >
> > Malware seems to be my suspect at the moment, but I'm not completely
> > convinced as the only software I have installed from the internet has
> > been Ad Aware. Everything else has been commercial, packaged, software.
> > It's still possible, I admit, that malware might have found its way in
> > through email (although I have .exe's, components, even HTML disabled
> > for email) or the web.
> >
> > I now admit to feeling completely defeated on finding a solution.
> >
> > Some software I have (and had) installed that may be common with others
> > (read some posts that said some of these were installed on their system
> > as well):
> >
> > - Lucent's "Modem on Hold" utility for v.92 modems
> > - FaxTalk NetOnHold
> > - Microsoft Office 2000 over WinXP
> > - DirectX 9.0a
> >
> > Apologies for the long post, but wanted to make it as clear as possible.
> > Any help would be most appreciated by myself and many others.
> >
> > Thanks!
> >
> > -Eric
> >
>
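
Added example, not part of the thread or written by any of its posters: item 9 of the original post asks how to search for a file whose name is made of special characters. The sketch below walks a directory tree and reports executables whose names contain anything outside printable ASCII, printing them in escaped form so they can be read and copied. It assumes the history-log entry corresponds to a real file on disk, which the thread does not establish; the function names and the extension list are illustrative.

```python
import os
import sys
import tempfile

# Extensions treated as executable for this check (illustrative list).
EXECUTABLE_EXTS = {".exe", ".dll", ".com", ".scr", ".pif", ".bat"}

def is_suspicious_name(name):
    """True if any character falls outside printable ASCII (0x20-0x7E)."""
    return any(not (0x20 <= ord(ch) <= 0x7E) for ch in name)

def find_odd_executables(root):
    """Return sorted (directory, escaped_name) pairs for odd-named executables."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in EXECUTABLE_EXTS and is_suspicious_name(stem):
                # unicode_escape renders each odd character as \xNN or \uNNNN
                escaped = name.encode("unicode_escape").decode("ascii")
                hits.append((dirpath, escaped))
    return sorted(hits)

def demo():
    """Constructed sample tree: a normal name, a name made of U+00FF/U+00FE
    (an accented 'y' and a thorn), and a non-executable with accents."""
    samples = ("notepad.exe", "\u00ff\u00fe\u00ff\u00ff.exe", "r\u00e9sum\u00e9.txt")
    with tempfile.TemporaryDirectory() as root:
        for name in samples:
            open(os.path.join(root, name), "wb").close()
        return [escaped for _dir, escaped in find_odd_executables(root)]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for directory, escaped in find_odd_executables(sys.argv[1]):
            # ascii() keeps the output printable on any console code page
            print(escaped, "in", ascii(directory))
    else:
        print(demo())
```

Run it with a directory argument to scan that tree; with no argument it runs against the constructed sample files only.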


