Spyware, Viruses, & Security forum

General discussion

No system restore available; printer driver eFax 4.1

by schles99 / April 25, 2008 1:30 PM PDT

System restore only shows today and the only choices things shown are "Printer Driver eFax 4.1 installed". So far today this entry has appeared 240 times! I've removed all efax files, drivers and registry entries, but can't figure out what is going on. Also the F8 key will not startup in Safe Mode (I'm not sure this is related.) I'm using Norton Client Firewall, and have run Spyware Doctor, but don't find anything out of the ordinary. This is happening after I re-imaged the hard drive.

?Any suggestions?

Discussion is locked
You are posting a reply to: No system restore available; printer driver eFax 4.1
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: No system restore available; printer driver eFax 4.1
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Well Symantec has this protection that halts SR use.
by R. Proffitt Forum moderator / April 25, 2008 1:32 PM PDT
Collapse -
Symantec Client Firewall (which was pre-installed)
by schles99 / April 25, 2008 2:42 PM PDT

Am using Symantec Client Firewall (which was pre-installed).

Collapse -
Sadly there is no such product I can find
by R. Proffitt Forum moderator / April 25, 2008 9:07 PM PDT

That matches that. But you do have symantec software which does have the side effect of causing SR to fail. Ask Symantec what product you have (or supply a link to it for us) and how to disable that protection to let system restore work again.
Bob

Collapse -
Includes firewall, Security, Intrusion Protection,
by schles99 / April 26, 2008 7:15 AM PDT

This product shows up on Symantec's web site and is principally a firewall. It's logs show connections, firewall,system, etc., but I can't interpret any of them.

Collapse -
Sorry.
by R. Proffitt Forum moderator / April 26, 2008 7:21 AM PDT

I can't match it up with just what you've told. However Symantec's products do cause SR to fail. Maybe my only answer is to toss their defective stuff out and go with something else?

Collapse -
Uninstalling it
by schles99 / April 26, 2008 11:16 AM PDT
In reply to: Sorry.

I'm going to uninstall it and see if that stops the SR issue.

Collapse -
Sorry but you need to know why I wrote...
by R. Proffitt Forum moderator / April 26, 2008 11:21 AM PDT
In reply to: Uninstalling it

To change Symantec's setting. When you uninstall you will likely invalidate prior restore points.

This is why I asked you to give me a link to the product. But your choice here. Good luck,
Bob

Collapse -
Didn't work
by schles99 / April 27, 2008 1:07 AM PDT

Hi

I uninstalled - and used Evo Unistalled to remove all registry entries. I then set a Restore Checkpoint. This morning the Restore Point was gone and there were again a series of the same Printer Driver installed messages.

Collapse -
Just asking.
by Kees Bakker / April 27, 2008 1:17 AM PDT
In reply to: Didn't work
Collapse -
"Have replaced system board and memory, so this seems to be
by R. Proffitt Forum moderator / April 27, 2008 1:14 AM PDT

"Have replaced system board and memory, so this seems to be a S/W issue"

That's a clue in an all too similar post. When we replace a motherboard Windows genenrally is toast or behaves badly. There are other things that could limit SR such as its settings (you can share that), free disk space on the Windows home drive and more.

The safe mode boot is not a clear indicator of much since I can't count how many don't know exactly when to tap the f8 key. Try 2 or 3 times a second.
Bob

Collapse -
efax printer driver trying to install many many times
by blondcb / September 11, 2008 11:59 PM PDT

How did you resolve this?

Collapse -
So you replaced your system board too?
by R. Proffitt Forum moderator / September 12, 2008 12:42 AM PDT
Collapse -
No system board was replaced!
by blondcb / September 12, 2008 2:37 AM PDT

I sent the following to efax tech support. Any other ideas?

WinXP Home Machine will not load Windows - "printer driver fax via efax 3.5 installed"

Only after restoring to last known good configuration could I get Windows to load. Looking at System Restore there are way too many:

"printer driver fax via efax 3.5 installed"

restore points.

My recollection is that yesterday McAfee indicated that an update was installed that required a reboot. I allowed the reboot and left only to return to the computer looping through BIOS post, Windows screen and quick "blue screen of death" that I could neither read nor pause.

Upon closer inspection, it's not clear to me when McAfee actually downloaded and installed the update because the first restore point is at 3 pm on Thursday and the last one was at 9:22 am today.

The only other items I installed yesterday was a ROM flash for my pocket PC (Verizon XV6800), the re-creation of a partnership through ActiveSync and a pocket PC; installation at 3:42 pm of Windows Mobile Voice Command and installation of Sprite Backup later in the evening.

Found these links that speak to a similar problem:

http://www.spywareinfoforum.com/index.php?showtopic=116311&mode=threaded

Other printer drivers that are installed are for Versacheck; ScanSoft PDF Create; Quickbooks PDF Converter; PaperPort Impage Printer; Microsoft XPS Document Writer; Microsoft Office Document Image Writer; Epson Stylus Photo 825; DocuCom PDF Driver; Brother MFC9800; Brother HL1440.

I did a general search on "efax" on my drives and came up with a cookie file named: cliff_blondes@efax[1].txt that was created this morning. Probably from visiting your site.

I do not believe that I ever have installed efax on this machine but may, at one point, have installed the efax viewer but, if so, it no longer is installed. While I have an eFax number, 18313049331, it is not something that I've used in a long time and probably is registered under blondcb@ureach.com

Using the Event Viewer and looking around 3 pm yesterday where the first Restore point was created for "printer driver fax via efax 3.5 installed", I see:

Event Type: Information
Event Source: Automatic LiveUpdate Scheduler
Event Category: Scheduler Events
Event ID: 101
Date: 9/11/2008
Time: 2:56:00 AM
User: NT AUTHORITY\SYSTEM
Computer: CMBDESKTOP
Description:
Information Level: success

Event Type: Information
Event Source: Automatic LiveUpdate Scheduler
Event Category: Scheduler Events
Event ID: 101
Date: 9/11/2008
Time: 3:30:53 PM
User: NT AUTHORITY\SYSTEM
Computer: CMBDESKTOP
Description:
Information Level: success

Automatic LiveUpdate has terminated.


Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 11707
Date: 9/11/2008
Time: 3:45:45 PM
User: CMBDESKTOP\Cliff Blondes
Computer: CMBDESKTOP
Description:
Product: Microsoft Voice Command US PPC 1.60 for M2M -- Installation operation completed successfully.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 42 39 42 33 37 33 36 {B9B3736
0008: 31 2d 32 31 34 44 2d 34 1-214D-4
0010: 44 37 42 2d 42 36 31 36 D7B-B616
0018: 2d 31 35 39 43 33 39 30 -159C390
0020: 46 45 31 45 44 7d FE1ED}

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 9/11/2008
Time: 4:31:00 PM
User: N/A
Computer: CMBDESKTOP
Description:
Hanging application WCESMgr.exe, version 4.5.5096.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 57 43 45 53 4d 67 WCESMg
0018: 72 2e 65 78 65 20 34 2e r.exe 4.
0020: 35 2e 35 30 39 36 2e 30 5.5096.0
0028: 20 69 6e 20 68 75 6e 67 in hung
0030: 61 70 70 20 30 2e 30 2e app 0.0.
0038: 30 2e 30 20 61 74 20 6f 0.0 at o
0040: 66 66 73 65 74 20 30 30 ffset 00
0048: 30 30 30 30 30 30 000000


Event Type: Error
Event Source: Application Hang
Event Category: None
Event ID: 1001
Date: 9/11/2008
Time: 4:31:04 PM
User: N/A
Computer: CMBDESKTOP
Description:
Fault bucket 352045506.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 33 35 32 30 34 35 35 30 35204550
0010: 36 0d 0a 6..

and then this keeps repeating almost identically for the same exact time

Event Type: Information
Event Source: HHCTRL
Event Category: None
Event ID: 1904
Date: 9/11/2008
Time: 5:25:46 PM
User: N/A
Computer: CMBDESKTOP
Description:
The description for Event ID ( 1904 ) in Source ( HHCTRL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: http://office.microsoft.com/assistance/hfws.aspx?AssetID=HP052433971033&CTT=1&Origin=EC010229981033&QueryID=W-6EkgAe_0&respos=2&rt=2, http://go.microsoft.com/fwlink?LinkID=45840.


and it doesn't seem as if McAfee started until after the problem developed

Event Type: Information
Event Source: McLogEvent
Event Category: None
Event ID: 5000
Date: 9/11/2008
Time: 6:02:51 PM
User: NT AUTHORITY\SYSTEM
Computer: CMBDESKTOP
Description:
McShield service started.
Engine version : 5200.2160
DAT version : 5382.0000

Number of signatures in EXTRA.DAT : None
Names of threats that EXTRA.DAT can detect : None

My sense from other posts on the web is that this may be associated with Symantec's LiveUpdate. The only Symantec program that I have installed is Save and Restore 2.0. So I opened Save and Restore and clicked on Live Update. After much time, an update installed:

The following Symantec products and components are installed on your computer.
> LiveUpdate
> Norton Save & Restore

Initializing...
Connecting to liveupdate.symantecliveupdate.com...

Downloading catalog file (1 of 2), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
Downloading catalog file (2 of 2), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list

The following updates have been found:
> Norton Save & Restore, 59028.6 KB
Total Download 59028.6 KB

Downloading Norton Save & Restore (1 of 1), complete.

Installing Norton Save & Restore (1 of 1), complete.


LiveUpdate session is complete.

Collapse -
Then this problem is a new one.
by R. Proffitt Forum moderator / September 12, 2008 3:31 AM PDT

You've tagged onto a discussion that is not quite the same so I expect the outcome to be different.
Bob

Collapse -
What/Where would you suggest that I "go" with this?
by blondcb / September 12, 2008 3:51 AM PDT

Thanks

Collapse -
Do I Smell Something Untoward Here....
by tobeach / September 12, 2008 4:06 PM PDT
Collapse -
Thanks
by blondcb / September 12, 2008 9:13 PM PDT

It is the same. Any ideas on where to get help on the network issue?

Here's what I posted:
I think that I figured it out . . . - New!
by blondcb - 9/12/08 6:07 PM
In reply to: "printer driver fax via efax 3.5 installed" System Restore by blondcb
It appears that efax Messenger 3.5 on another computer in my home network was causing this.

When I turned off the "offending" computer, the System Restore points stopped being created. When I turned the "offending" computer back on the System Restore points started happening again.

I removed efax Messenger 3.5 from the "offending machine" and no further similar restore points.

What's peculiar is that while I cannot see the "offending machine" in Network Places (Windows XP Home), I can see it when I view Workgroup Computers. When I double click on it I get an error message saying: it's not accessable, might not have permission to use this network resource . . . the network path was not found. On the other hand, when using the "offending machine" I can see and access my computer just find.

Collapse -
Know LITTLE On This But It Seems....
by tobeach / September 13, 2008 5:28 PM PDT
In reply to: Thanks

Seems your "offending computer" is primary host machine and other is extension in network. Hence sees 1 way only??

If you want both to see both ways, I would be tempted to clear current network and start fresh with network wizard setting new network. Choose, in advance which you want as primary(host) and which 2 B extension & names for each & work group.

In current system network set up, possible that host or extension machine has some settings like "file sharing/printer sharing" etc. disabled there by making communication 1 way only?

As I say, networks confuse me mightily so anyone else's opinion WILL be better, I'm sure. Good Luck! Happy

Collapse -
It was McAfee's Personal Firewall from Comcast
by blondcb / September 14, 2008 10:15 AM PDT

on the offending machine that kept me from being able to "see" it. Once I disabled it and went back to Windows firewall "we be talking."

Still don't understand the printer driver installation attempts . . . .

Thanks

Collapse -
I Also Don't Understand Those Attempts....
by tobeach / September 14, 2008 2:42 PM PDT

BUT I'm starting to think it's behaving like a trojan install malware or maybe a rootkit?? Here's a free anti-rootkit from F-Secure called
Blacklight. It always called a Beta, but I have used every new version for years without 1 single problem from it.

They put out a new version every 3-6 months & the "Time Limited" freeware license is always extended at that time.

For extra safety, when I go to download it, at the "Save as" form, I always re-name it from "fsbl.exe" to anything else
(like "rotorooterapr108.exe") to fool any resident malware that might be watching out for this scanner to block it's install. By adding date into it's name, I also know how old it's getting. Update versions are listed in SV&S forum when they happen.

Well worth having and since scan takes only a few minutes, I scan 1 T every 2 weeks ("whether it needs it or not"). Enjoy!! Grin Sandy

OVERVIEW- http://www.f-secure.com/security_center/
Download- http://www.f-secure.com/blacklight/

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?