E
Eric
I apologize for cross-threading, but having done deja and google searches I
found that this question has been asked by many but still remains completely
unanswered. From my searches and reading, it appears that the nature of
this particular problem is somewhat widespread and common, however nobody as
of yet has found a clear solution. I believe the newsgroups that I posted
this to are appropiate and I wanted to ensure that it achieves maxinum
proliferation in case someone knows of a solution. If, for any other
reason, than perhaps someone in the future will come across the solution
through a deja search.
I've been working every angle I can possible think of to find a solution to
this problem, but have only achieved working myself in full circles. I will
describe each angle I took to find a solution. I will also note specific
software installed that may be giving this problem, perhaps when others read
this they will begin to see a pattern with specific programs installed.
The problem itself seems simple enough: "WinXP internet connections freezing
up while using dialup modem connections"
The symptoms: internet communication locks up completely, no traffic can be
received or transmitted. The dialup internet icon in the taskbar (little
two terminal looking icon) no longer responds to left or right mouse clicks.
Only solution is to shut down WinXP and reboot. Sometimes while shutting
down, a dialoge window appears stating that "HiddenFaxWindow" can not shut
down properly and must by manually ended. Regardless, after this problem
occurs, during the shutdown WinXP can only make itself to the "Saving User
Settings" screen and afterwards requires a physical reset. Interestingly,
this problem only presents itself while using a dialup internet
connection -- it doesn't present itself when only using broadband or
wireless connections.
Course of action I have tried:
1. Obviously, the first thing I looked for was any fax (Microsoft or third
party) software that may be giving the problem. The only third party
software I had installed was "FaxTalk NetOnHold", which operates both as
faxing software and a "modem on hold" software interface for my v.92 dialup
modem. This, of course, was the prime suspect. However, I seem to recall
having this problem before I installed FaxTalk. I did, however, completely
remove FaxTalk just to ensure it wasn't the culprit. When I installed it,
Norton CleanSweep monitored the installation and I used CleanSweep to remove
it completely. I also hand searched the registry to ensure that no entries
were left behind, along with hand searching to ensure that all directories
and files associated with it were also removed. They all were. Searching
through FaxTalk's support web site and also specific searches on web/usenet
revieled no known problems with FaxTalk and dialup internet freezing up.
2. Next suspect was perhaps Lucent's "Modem on Hold", however I had
previously uninstalled it completely and cleanly to make certain there would
be no conflicts with FaxTalk. I ensured that there was nothing of it left
laying around in the registry or drive.
3. With that out of the way, my next suspect was perhaps network protocols.
I removed, re-installed, and ensured I had the most current TCP/IP. With
wireless and broadband working fine, I didn't really think this was the
problem but figured it couldn't hurt.
4. I read that WinXP's built-in firewall can sometimes cause conflicts when
you have another firewall in use. I have Norton's firewall. I ensured that
XP's firewall was disabled for dialup connections, but the problem
continued.
5. I read on Microsoft's support web site that DirectX 9.0b causes conflicts
with XP's firewall and Microsoft Instant Messenger. While I don't have
Microsoft IM load on boot, I did check out my DirectX. I have DirectX 9.0a
installed, which (based on Microsoft support knowledge base), fixed the
conflict problems that DirectX 9.0b had.
6. I begin to expect malware as a possibility. I keep my virus scanner
(Norton) continuously updated and frequently do full system scans. I did
another full scan, regardless, and it had negative results. I also scanned
completely for spyware, using Ad Aware. Nothing beyond Doubleclick cookies
were found. Still not completely convinved, I even scanned it with
different virus scanners and spyware scanners -- thinking perhaps it
might've been possible that malware could've attacked Norton or Ad Aware.
To do these scans, I scanned the problem PC (laptop) over my wireless
network using scanner software physically running on a different machine.
No results are found.
7. More web searching leads me to start believing that the "Mofei" worm may
be a possibility since some of the symptoms are similiar. I see no
footprint of this worm, however. Looking at the registry by hand shows no
footprint related to this worm being installed, nor do any system files.
The system file /windows/system32/scardsrv32.exe is a footprint of this
worm, however it wasn't in the directory. I did have a few files in that
directory that initially caught my attention (scardsrv.exe, scardssp.dll)
mainly because of their file version number (ver: 5.1.2600.0 -- that '2600'
caught my eye), but after doing some searching against at Microsoft I
discovered that these files (Microsoft Smart Card Service Manager) and the
version number were legit. To be absolutely sure, I even did a checksum
comparison between these files in my directory and known legit files. They
checked out fine.
8. Running "Event Viewer" (/start/Control Panel/Adminstration Tool/Event
View) raises a few questions. Looking at the Security Log, some questions
are raised. I don't believe these are related to this specific internet
freezing problem though, but they still kind of bug me. In the log, many
entries have been (and continue to be) logged for unsuccessul logon attempts
by an "advapi" process. Reason for unsuccessful logon attempts is "unknown
user name or password". I had read that this isn't anything major to fret
over and have read that this might be caused by the "Administrator" account
name being changed. After installing WinXP (full scratch install), I had
initially selected "Administrator" for the administrator account name during
the setup process, but later changed it to a different name. I wonder if
this could be why I am seeing all these log entries and if I could/should
change something to clear them up. (WinXP wouldn't let me change the
administrator account name back to "Administrator", it says its already in
use. From what I read, the names "Administrator", "Guest", etc can't be use
for account names. I suppose this holds true even if you had changed the
administrator account name from "Adminstrator" and want to revert back to
that name?) I'll hold these questions for later though.
9. Running msinfo32.exe raises my most alarming question. In the system
history log, there are sometimes an entry for a program that is beeing added
and then immedietly removed. The syntax used when it is added is
"[program].exe \install". (The "\" might have been a "/", can't remember
off-hand which slash it was.) After it is added, it is immedietly removed.
The reason why I didn't give a name for "[program]" is because I can't using
normal ASCII text here! The name of this program is about four (or five)
special characters, at least two appearing as a "y" with an accent mark over
it. This, of course, raises grave concern of stealthy malware somewhere. I
have no idea on how to do a file search for a filename with these special
characters. As far as I knew, I didn't even think a filename could contain
them?
Malware seems to be my suspect at the moment, but I'm not completely
convinced as the only the software I have installed from the internet has
been Ad Aware. Everything else has been commercial, packaged, software.
Its still possible, I admit, that malware might had found it's way in
through email (although I have .exe's, components, even HTML disabled for
email) or the web.
I now admit to feeling completely defeated on finding a solution.
Some software I have (and had) installed that may be common with others
(read some posts that said some of these were installed on their system as
well):
- Lucent's "Modem on Hold" utility for v.92 modems
- FaxTalk NetOnHold
- Microsoft Office 2000 over WinXP
- DirectX 9.0a
Apologies for the long post, but wanted to make it as clear as possible.
Any help would be most appreciated by myself and many others.
Thanks!
-Eric
found that this question has been asked by many but still remains completely
unanswered. From my searches and reading, it appears that the nature of
this particular problem is somewhat widespread and common, however nobody as
of yet has found a clear solution. I believe the newsgroups that I posted
this to are appropiate and I wanted to ensure that it achieves maxinum
proliferation in case someone knows of a solution. If, for any other
reason, than perhaps someone in the future will come across the solution
through a deja search.
I've been working every angle I can possible think of to find a solution to
this problem, but have only achieved working myself in full circles. I will
describe each angle I took to find a solution. I will also note specific
software installed that may be giving this problem, perhaps when others read
this they will begin to see a pattern with specific programs installed.
The problem itself seems simple enough: "WinXP internet connections freezing
up while using dialup modem connections"
The symptoms: internet communication locks up completely, no traffic can be
received or transmitted. The dialup internet icon in the taskbar (little
two terminal looking icon) no longer responds to left or right mouse clicks.
Only solution is to shut down WinXP and reboot. Sometimes while shutting
down, a dialoge window appears stating that "HiddenFaxWindow" can not shut
down properly and must by manually ended. Regardless, after this problem
occurs, during the shutdown WinXP can only make itself to the "Saving User
Settings" screen and afterwards requires a physical reset. Interestingly,
this problem only presents itself while using a dialup internet
connection -- it doesn't present itself when only using broadband or
wireless connections.
Course of action I have tried:
1. Obviously, the first thing I looked for was any fax (Microsoft or third
party) software that may be giving the problem. The only third party
software I had installed was "FaxTalk NetOnHold", which operates both as
faxing software and a "modem on hold" software interface for my v.92 dialup
modem. This, of course, was the prime suspect. However, I seem to recall
having this problem before I installed FaxTalk. I did, however, completely
remove FaxTalk just to ensure it wasn't the culprit. When I installed it,
Norton CleanSweep monitored the installation and I used CleanSweep to remove
it completely. I also hand searched the registry to ensure that no entries
were left behind, along with hand searching to ensure that all directories
and files associated with it were also removed. They all were. Searching
through FaxTalk's support web site and also specific searches on web/usenet
revieled no known problems with FaxTalk and dialup internet freezing up.
2. Next suspect was perhaps Lucent's "Modem on Hold", however I had
previously uninstalled it completely and cleanly to make certain there would
be no conflicts with FaxTalk. I ensured that there was nothing of it left
laying around in the registry or drive.
3. With that out of the way, my next suspect was perhaps network protocols.
I removed, re-installed, and ensured I had the most current TCP/IP. With
wireless and broadband working fine, I didn't really think this was the
problem but figured it couldn't hurt.
4. I read that WinXP's built-in firewall can sometimes cause conflicts when
you have another firewall in use. I have Norton's firewall. I ensured that
XP's firewall was disabled for dialup connections, but the problem
continued.
5. I read on Microsoft's support web site that DirectX 9.0b causes conflicts
with XP's firewall and Microsoft Instant Messenger. While I don't have
Microsoft IM load on boot, I did check out my DirectX. I have DirectX 9.0a
installed, which (based on Microsoft support knowledge base), fixed the
conflict problems that DirectX 9.0b had.
6. I begin to expect malware as a possibility. I keep my virus scanner
(Norton) continuously updated and frequently do full system scans. I did
another full scan, regardless, and it had negative results. I also scanned
completely for spyware, using Ad Aware. Nothing beyond Doubleclick cookies
were found. Still not completely convinved, I even scanned it with
different virus scanners and spyware scanners -- thinking perhaps it
might've been possible that malware could've attacked Norton or Ad Aware.
To do these scans, I scanned the problem PC (laptop) over my wireless
network using scanner software physically running on a different machine.
No results are found.
7. More web searching leads me to start believing that the "Mofei" worm may
be a possibility since some of the symptoms are similiar. I see no
footprint of this worm, however. Looking at the registry by hand shows no
footprint related to this worm being installed, nor do any system files.
The system file /windows/system32/scardsrv32.exe is a footprint of this
worm, however it wasn't in the directory. I did have a few files in that
directory that initially caught my attention (scardsrv.exe, scardssp.dll)
mainly because of their file version number (ver: 5.1.2600.0 -- that '2600'
caught my eye), but after doing some searching against at Microsoft I
discovered that these files (Microsoft Smart Card Service Manager) and the
version number were legit. To be absolutely sure, I even did a checksum
comparison between these files in my directory and known legit files. They
checked out fine.
8. Running "Event Viewer" (/start/Control Panel/Adminstration Tool/Event
View) raises a few questions. Looking at the Security Log, some questions
are raised. I don't believe these are related to this specific internet
freezing problem though, but they still kind of bug me. In the log, many
entries have been (and continue to be) logged for unsuccessul logon attempts
by an "advapi" process. Reason for unsuccessful logon attempts is "unknown
user name or password". I had read that this isn't anything major to fret
over and have read that this might be caused by the "Administrator" account
name being changed. After installing WinXP (full scratch install), I had
initially selected "Administrator" for the administrator account name during
the setup process, but later changed it to a different name. I wonder if
this could be why I am seeing all these log entries and if I could/should
change something to clear them up. (WinXP wouldn't let me change the
administrator account name back to "Administrator", it says its already in
use. From what I read, the names "Administrator", "Guest", etc can't be use
for account names. I suppose this holds true even if you had changed the
administrator account name from "Adminstrator" and want to revert back to
that name?) I'll hold these questions for later though.
9. Running msinfo32.exe raises my most alarming question. In the system
history log, there are sometimes an entry for a program that is beeing added
and then immedietly removed. The syntax used when it is added is
"[program].exe \install". (The "\" might have been a "/", can't remember
off-hand which slash it was.) After it is added, it is immedietly removed.
The reason why I didn't give a name for "[program]" is because I can't using
normal ASCII text here! The name of this program is about four (or five)
special characters, at least two appearing as a "y" with an accent mark over
it. This, of course, raises grave concern of stealthy malware somewhere. I
have no idea on how to do a file search for a filename with these special
characters. As far as I knew, I didn't even think a filename could contain
them?
Malware seems to be my suspect at the moment, but I'm not completely
convinced as the only the software I have installed from the internet has
been Ad Aware. Everything else has been commercial, packaged, software.
Its still possible, I admit, that malware might had found it's way in
through email (although I have .exe's, components, even HTML disabled for
email) or the web.
I now admit to feeling completely defeated on finding a solution.
Some software I have (and had) installed that may be common with others
(read some posts that said some of these were installed on their system as
well):
- Lucent's "Modem on Hold" utility for v.92 modems
- FaxTalk NetOnHold
- Microsoft Office 2000 over WinXP
- DirectX 9.0a
Apologies for the long post, but wanted to make it as clear as possible.
Any help would be most appreciated by myself and many others.
Thanks!
-Eric