|
Answer» G'day.
I can't work this one out, or find any info by search or elsewhere.
OS=XP Prof +SP2.
Problem = Often, but not always, when I'm on-line with my dial-up connection, the Windows Explorer toolbar will freeze up. The application - either Firefox or Pegasus email - still works and I start applications via the desktop icons but the Quickstart toolbar and the tray don't respond to mouseclicks and icons with graphics like the networking icon and Zone Alarm's traffic register freeze.
So I can't disconnect via the networking icon but have to do it through by calling up networking properties via the dresktop "ISP connection" icon. The connection disconnects OK (I can tell from the leds on my external modem) but the networking icon in the tray stays up for several minutes. Then I'll get a chain of responses to any toolbar clicks I've done as though a buffer is clearing and everything is OK.
I can trigger the 'buffer clearing' - if that is what it is - by using task manager to kill a 'svchost.exe' process being run by System, but if I kill the wrong one Windows takes offence and closes down!
I've both Pest Patrol and Spybot up to date but they report no adware or trojans aboard, and an anti-virus scan produces nothing.
My dial-up connection, though, is sometimes 'hi-jacked' by something. I'd guess it is an application with an auto-update facility taking over the connection although I've turned off all the auto-updates I can find. When it's happening Zone Alarm doesn't report any unusual programs on line and I can't see any 'strange' processes running in task manager.
I"ve reached the point where a re- or repair install of XP seems the only solution (see my post 'dynamic disks' in the 'computer hardware' forum, but that's a last RESORT.
Any ideas? And in particular is there any way of tracking down the application I think is interfering with the connection when it's up, and which I think might by causing the freeze-up if something in the system is awaiting a response that doesn't come?
Desperately yours,
FalstaffHave a look with http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
You will need to scroll down to the bottom of the page to get it.G'day.
Thanks for that Fed. I tried Process Explorer, but the only thing that struck me as odd when the problem occured was that I was running 5 copies of svchost.exe - one of which was linked to the Windows Update .exe app.
Now as I have a slow dial-up connection I don't want any auto-updates taking it overand so have all I can find, including Windows Update, turned off, which makes it odd that its app should appear to be running.
Today I had a problem in that although I could right -click the networking icon in the tray and get the menu, clicking 'disconnect' didn't work - the connection stayed stubbornly up although no data was passing. If I tried clicking the IPS connect icon on disktop I couldn't get that up either, so had no way of disconnecting. Had to turn the modem off physically.
Odder and odder.Just to convince me you don't have any bugs, download, install, update & run 'ewido' & 'windows anti-spyware beta' programs. Both are easily searched & obtained.
In addition, do an online scan here http://www.pandasoftware.com/activescan/ and we'll see where that lands us.
G'day Fed.
I'm confident I'm clean. AV is up-to-date, I downloaded and ran the Windows Antispy (thanks for that) which came up with nothing, as does eTrust's Pest Patrol and Spybot.
I tried the Panda Software thing but it wouldn't work for me. I think it needs IE and I used Firefox.
But here's another oddity in my system - when I dug IE out of the basement to give Panda a try IE wouldn't connect at all, and when I tried to check out Internet Options under Tools it told me - "this operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator" - which is odd as my working account is an administrator account.
So I logged on to my pure admininstrator account and I could access IE's internet options perfectly well, although it still would not connect.
It might be that I have two ISP accounts - one dial-up and one satellite - only one of which can be set as default, so if IE always looks for the default connection and I'm on the other one perhaps it doesn't see it. Dashed if I know.
Have a look at this
http://www.wilderssecurity.com/archive/index.php/t-29250.html
It's not very heavy or long.
Then try procexp again and right click on each 'svchost' in the TOP screen, choose properties then services.
See if that will tell you what's running.
BTW, when I'm connected (dialup) with IE open (like now), I have only 2 instances of svchost running.Let's leave your other oddity out of this equation for now. G'day Fed.
Thanks for that.
Can't say I fully understood it, but interestingly the IPv6 helper service was running on my machine too, although it wasn't switched on in any network connection. I've turning it off and will see what happens.
I have 5 svchost processes running on my machine even before establishing a connection, but they all seem linked to bona fide applications. Of course whether or not I actually need them is another matter, and beyond me.
I have a suspicion now that the culprit might be my email app. I use Pegasus, and the problem seems to occure when it's running - tho' not every TIME. According to Process Explorer it is the only app. that runs, but sometimes there is data passing over the connection, but Pegasus' own mail downloads seem to have hung, and it is using 100% processor time, which seems a lot for a mail app.
I'll try using anothe mail app for a time and see if that helps.
Ta.I'm still not fully convinced you don't have a virus.
I'm on W2k but I'm sure it's the same for xp.
Connect to your server & open IE at say, google and wait until it fully loads the page.
If you have a small pair of monitors in the bottom right hand side of your taskbar, right click on them and select 'status'.
You should then be able to see the 'sent' and 'received' bytes.
Watch them for a short while and see you are sending or receiving any traffic while your traffic should be idle.
Another little trick is to create in your email contact list a fictitious email address in your contact list like
[email protected] causing any nasty programs that are using your email list to try & send to that address.
This in turn will trigger a 'mail undeliverable' response from your ISP and alert you to a problem.G'day Fed.
Thanks for that.
I don't use IE or Outlook. My browser is Firefox and my email Pegasus which doesn't use the Microsoft contacts file so even if viruses get into my machine hopefully they starve to death.
I had the following reply from Tech Support at Pegasus:
"...the SP2 package does a lot of strange thing to
winsock applications. I would really look around and see it if you can turn off
some of the more redundent checks.
This almost sounds like a packet size problem. The packets are getting fragmented
and lost so there are a lot of RETRIES and hangs. This can increase the data flow
significantly.
I would also try using the -z 1024 commandline option to shift to blocking sockets
to see if this helps.
1024 Use blocking sockets; may be needed for some
defective WINSOCK implementations."
I don't want to start turning services off unless I'm really sure what I'm doing, which I don't. I don't understand the 'blocking sockets' bit either. I guess I could try to search MS support for it, but if you can explain in simple terms I'd be obliged.
Thanks
Connect to your server & open FIREFOX at say, google and wait until it fully loads the page, also open PEGASUS and let is sit there doing nothing.
Then if you have a small pair of monitors in the bottom right hand side of your taskbar, right click on them and select 'status'.
You should then be able to see the 'sent' and 'received' bytes.
Watch them for a short while and see you are sending or receiving any traffic while your traffic should be idle.
|
