Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

BSOD xp emeraldnzl [Solved]


  • This topic is locked This topic is locked

#16
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:


  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Other Services

[*]Press Scan
[*]A log (FSS.txt) will be created in the same directory the tool is run.
[*]Copy and paste the log back here.
[/list]
  • 0

Advertisements


#17
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
Ran it in safemode just fyi


Farbar Service Scanner Version: 23-11-2013
Ran by cookie (administrator) on 23-11-2013 at 13:09:18
Running from "C:\Documents and Settings\cookie\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#18
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello cmislin,

Please download ESET's Service Repair Tool.

  • Save it to your desktop
  • Right click on it an run it as Administrator
After that please run a scan with Farbar Service Scanner again and post back the log it makes.
  • 0

#19
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
Is it normal for SRT to prompt you to reboot your system?

Edited by cmislin, 23 November 2013 - 01:32 PM.

  • 0

#20
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
You will need to reboot yes.
  • 0

#21
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
Farbar Service Scanner Version: 23-11-2013
Ran by cookie (administrator) on 23-11-2013 at 15:03:00
Running from "C:\Documents and Settings\cookie\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#22
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
That ESET services repair didn't seem to work.

Let's see if we can manually start them.

Start, Run, services.msc , OK.

Find the Background Intelligent Transfer Service (BITS) and right click it and select Properties. Change the Startup Type: to Auto and Apply.

Reboot your machine and run FSS again. Post the log back here.
  • 0

#23
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
Could it be because I'm in safe mode?
  • 0

#24
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Are you able to boot into normal mode?

If so, boot into normal mode and run the scan from there.
  • 0

#25
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
Well yes I can its just how long if I have chrome open before it BSOD is the issue. Since for like 9 months or so I didn't use chrome and had like 1 BSOD as opposed with chrome it happens a lot. SO run this?

That ESET services repair didn't seem to work.

Let's see if we can manually start them.

Start, Run, services.msc , OK.

Find the Background Intelligent Transfer Service (BITS) and right click it and select Properties. Change the Startup Type: to Auto and Apply.

Reboot your machine and run FSS again. Post the log back here.

As per you posted up there in normal mode then?
  • 0

Advertisements


#26
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Well yes I can its just how long if I have chrome open before it BSOD is the issue. Since for like 9 months or so I didn't use chrome and had like 1 BSOD as opposed with chrome it happens a lot.


Might be time to try it for a while to see if there has been any change although it may be related to some services not working properly. Still worth a try I think.

SO run this?


Yes, I want to see if we can get BITS working.
  • 0

#27
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
Farbar Service Scanner Version: 23-11-2013
Ran by cookie (administrator) on 24-11-2013 at 00:09:32
Running from "C:\Documents and Settings\cookie\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#28
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Looking good. :thumbsup:

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

  • 0

#29
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d9ede54c528574489c2c188b6d1bb7b7
# engine=16003
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-11-24 09:05:23
# local_time=2013-11-24 04:05:23 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1039 16777213 100 91 0 71474707 0 0
# scanned=283781
# found=9
# cleaned=9
# scan_time=12407
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\cookie\Application Data\0S1F1O2Z0S2Y1H1T\ImgBurn Packages\uninstaller.exe"
sh=CB9E95520F6EB80966888C9E243A87EEE00EEB08 ft=1 fh=01541ffcd81d215a vn="Win32/OpenCandy application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\cookie\My Documents\Downloads\Adaware_Installer.exe"
sh=170DB95C94DF8E2A3BD9042BB33EA6993435B93A ft=1 fh=64635c7b166c9097 vn="a variant of Win32/DealPly.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\cookie\My Documents\Downloads\drivermax_7_18_cnet.exe"
sh=31937AB7905DF40C2C45E0E61CEB4E54E280C3B5 ft=1 fh=20cf065ef598621d vn="a variant of Win32/DealPly.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\cookie\My Documents\Downloads\drivermax_7_21_cnet_dealply.exe"
sh=B3992BBA748BF5AA25C9BB11771B27B233C6E31E ft=1 fh=6b9f6f10191df921 vn="a variant of Win32/DealPly.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\cookie\My Documents\Downloads\drivermax_7_22_cnet_dealply (1).exe"
sh=BF9BC5FC71A9F88D6009940653E201EE1B699B81 ft=1 fh=3eae044a28bdef40 vn="a variant of Win32/OpenCandy.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\cookie\My Documents\Downloads\pspvideo9-600-setup.exe"
sh=49ACAFACAAC62A745E69D71A58CC9453C41B15D0 ft=1 fh=b98f31ba52914450 vn="Win32/PrcView application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\cookie\My Documents\Google Drive\Software\Diagnostics\UBCD4WinV360.exe"
sh=5BC63A1264D124BA96333BB6ED05F725DE01E0EF ft=0 fh=0000000000000000 vn="Win32/PSWTool.KonBoot.A application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\cookie\My Documents\Google Drive\Software\Diagnostics\ubcd511.iso"
sh=CB9E95520F6EB80966888C9E243A87EEE00EEB08 ft=1 fh=01541ffcd81d215a vn="Win32/OpenCandy application (deleted - quarantined)" ac=C fn="D:\Software\Adaware_Installer.exe"
  • 0

#30
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
So how is your machine now?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP