Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Farbar service Scanner


  • Please log in to reply
33 replies to this topic

#1 vulcain

vulcain

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France
  • Local time:05:05 AM

Posted 07 July 2013 - 12:19 PM

Hello,
 
even if you do not advise, a friend used Farbar Scanner service to see what it says
PC is a 64bit, it blocked BSOD, a reboot and everything became normal.
can you give the cause, so I could tell him not to use it without taking care to come here.
Sincerely,

 


Edited by vulcain, 07 July 2013 - 12:21 PM.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,874 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:05 PM

Posted 07 July 2013 - 04:57 PM

BSODs are caused by any number of things.

 

The Farbar tool itself has no known issues that I'm aware of...I just installed it and ran it with no problems.

 

Without a lot more data...IMO, it's impossible to guess at what might cause a system BSOD.

 

Louis



#3 vulcain

vulcain
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France
  • Local time:05:05 AM

Posted 09 July 2013 - 11:45 AM

Hello,
 
I will seal the error codes, but can not do more without causing more serious problems
cordially

 

speecy :

 http://speccy.piriform.com/results/SlbrxjWUJq0eusWncNOQT3H

 

 

 

Le rapport de plantage Crosoft :

Signature du problème :
Nom d’événement de problème: BlueScreen
Version du système: 6.1.7601.2.1.0.768.3
Identificateur de paramètres régionaux: 1036

Informations supplémentaires sur le problème :
BCCode: 50
BCP1: FFFFF500096C3021
BCP2: 0000000000000001
BCP3: FFFFFA80047CA012
BCP4: 0000000000000007
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Fichiers aidant à décrire le problème :
C:\Windows\Minidump\070713-38204-01.dmp
C:\Users\Admin\AppData\Local\Temp\WER-52353-0.sysdata.xml

Le rapport WhoCrashed :

On Sun 07/07/2013 16:38:57 GMT your computer crashed
crash dump file: C:\Windows\Minidump\070713-38204-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75C00)
Bugcheck code: 0x50 (0xFFFFF500096C3021, 0x1, 0xFFFFFA80047CA012, 0x7)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.


Edited by vulcain, 09 July 2013 - 11:47 AM.


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,874 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:05 PM

Posted 09 July 2013 - 01:34 PM

It's virtually impossible to determine if a system has issues...from a single BSOD...and BSODs which point to ntoskrnl.exe...are too generalized for any sort of analysis without additional data about other BSODs on the system.

 

Louis



#5 vulcain

vulcain
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France
  • Local time:05:05 AM

Posted 09 July 2013 - 02:21 PM

Hello,
 
 What you need to analyze

Edited by vulcain, 09 July 2013 - 02:26 PM.


#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,874 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:05 PM

Posted 09 July 2013 - 07:16 PM

Download/install BlueScreenView, http://www.nirsoft.net/utils/blue_screen_view.html .
Double-click BlueScreenView.exe file.
 
When autoscan is done (screen comes up), click Edit/Select All...then File/Save Selected Items.
 
Save the report as BSOD.txt.
 
Open BSOD.txt in Notepad, copy all content and paste it into your next reply
 
And, please...English is the native language used on this forum.  If your system prints reports in French...few of us have the capability for reading/interpreting such.  English is the "official" language of the website, you can use Google Translate to translate to English before posting.
 
Thanks :).
 
Louis


Edited by bloopie, 10 July 2013 - 06:03 PM.
changed "French" to "English" in beginning of final paragraph


#7 vulcain

vulcain
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France
  • Local time:05:05 AM

Posted 10 July 2013 - 11:21 AM

Hello,
here is the report
cordially

 

 

 

 

 

==================================================
Dump File : 070713-38204-01.dmp
Crash Time : 07/07/2013 18:38:57
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff500`096c3021
Parameter 2 : 00000000`00000001
Parameter 3 : fffffa80`047ca012
Parameter 4 : 00000000`00000007
Caused By Driver : usbohci.sys
Caused By Address : usbohci.sys+5a636c0
File Description : OHCI USB Miniport Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 : 
Stack Address 2 : 
Stack Address 3 : 
Computer Name : 
Full Path : C:\Windows\Minidump\070713-38204-01.dmp
Processors Count : 6
Major Version : 15
Minor Version : 7601
Dump File Size : 286 476
Dump File Time : 07/07/2013 18:39:55
==================================================



#8 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:05 PM

Posted 10 July 2013 - 11:54 AM

This error is related to a Windows driver, specifically a USB driver.  To resolve this run sfc /scannow.

 

The sfc /scannow command scans all protected system files and replaces corrupted and incorrect versions with correct Microsoft versions.
 
Click on the Start orb startorb_zps06e1f985.png, then type in cmd in the Search programs and files.
 
cmd will appear in Programs above, right click on it, then click on Run as administrator.   
 
If you are prompted for an administrator password or for a confirmation, enter the password, or click Allow.  
 
A page similar to the one below will open.
 
Screenshot2.jpg
 
Type in sfc /scannow and then press Enter to start the scan.
 
If the scan finds no problem in the first portion of the scan it may stop, if it does not restart within five minutes type in exit and press Enter to stop the scan.

Edited by dc3, 10 July 2013 - 12:04 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#9 vulcain

vulcain
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France
  • Local time:05:05 AM

Posted 10 July 2013 - 01:28 PM

Hello,
 
thank you, we will execute the command
We will keep you informed of the solution
cordially


#10 vulcain

vulcain
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France
  • Local time:05:05 AM

Posted 10 July 2013 - 02:56 PM

Hello,
 
No error found


#11 live_pc_expert

live_pc_expert

  • Banned
  • 38 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 10 July 2013 - 05:37 PM

Farbar Scanner is not such a TOO BAD APPLICATION. But as you have faced an
issue with it that does not mean that you or everyone will face issues with
it.
Whenever a antivirus runs a scan then it gives you the name of the infected
file. If it’s a system file and Faber Scanner might not have cured or
replaced the file properly hence you might have started getting the Stop
Error.
Inform about the Stop Error that you are getting so that we can provide you
with a solution.


#12 hamluis

hamluis

    Moderator


  • Moderator
  • 55,874 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:05 PM

Posted 10 July 2013 - 06:08 PM

Farbar Scanner is not such a TOO BAD APPLICATION. But as you have faced an
issue with it that does not mean that you or everyone will face issues with
it.
Whenever a antivirus runs a scan then it gives you the name of the infected
file. If it’s a system file and Faber Scanner might not have cured or
replaced the file properly hence you might have started getting the Stop
Error.
Inform about the Stop Error that you are getting so that we can provide you
with a solution.

 

Farbar Scanner...is not an AV program and it does not remove malware of any sort.

 

From the download page:  "Farbar Service Scanner, or FSS,  is a small portable tool that allows you to diagnose network connectivity issues due to corrupted or missing Windows services. Certain malware, such as TDSS, may delete or corrupt Windows services, which would cause your computer to no longer have network connectivity. When FSS is run it will display a detailed report on the services, driver services, their configurations and the files that are responsible for network connectivity. Using this information a user can diagnose issues with their network connectivty as well as other Microsoft services."

 

Louis



#13 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:12:05 AM

Posted 10 July 2013 - 06:19 PM

Hello vulcain,

There is nothing wrong with Farbar Service Scanner as far as I know. The tool is safe to use.
 

Whenever a antivirus runs a scan then it gives you the name of the infected
file. If it’s a system file and Faber Scanner might not have cured or
replaced the file properly hence you might have started getting the Stop
Error.


Farbar Service Scanner is not a fix tool and will not attempt to "fix" or "replace" any system file(s). It will simply inform you of a file that may not have the correct MD5, and flag it as a file that may need attention. The tool is for diagnosis only, but comes with other useful functions like a "search" feature to search for possible good copies of a file in question.

==========

Let me try to clarify your issue a bit, please tell me if I am correct here:

 

a friend used Farbar Scanner service to see what it says
PC is a 64bit, it blocked BSOD, a reboot and everything became normal.

 

With the above from your first post, you're saying that FSS has been blocked from running? And then your friend got a stop error pointing to a USB driver?

 

Is your friend trying to run the tool from a USB device? I'd advise to download a fresh copy of the tool from HERE, and save it to the desktop. Then try to run the tool from there. If successful, please copy and paste the resultant log in your next reply.

 

bloopie


Edited by bloopie, 10 July 2013 - 06:22 PM.
cross-posted


#14 vulcain

vulcain
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France
  • Local time:05:05 AM

Posted 11 July 2013 - 10:15 AM

Hello,
 
for proper execution of FFS, it had to do with the administrator mode, despite the UAC disabled.
cordially

 

 

 

 

 

Farbar Service Scanner Version: 10-07-2013 01
Ran by Admin (administrator) on 11-07-2013 at 16:34:34
Running from "C:\Users\Admin\Desktop"
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#15 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:12:05 AM

Posted 11 July 2013 - 03:35 PM

Hello again,

 

for proper execution of FFS, it had to do with the administrator mode, despite the UAC disabled.

Most diagnostic and antimalware tools will require you to "Run As Administrator", on Vista OS's and up.

 

Is your friend using Microsoft Security Essentials as their resident Antivirus Program? And do they know that their Windows firewall is turned off?

 

bloopie






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users