Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP machine freezes or crashes to blue screen


  • Please log in to reply
65 replies to this topic

#61 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:06:12 PM

Posted 29 December 2016 - 08:44 AM

It's a delicate balance when several people are contributing to a topic.
You don't want to hurt feelings, but you may see things that I don't notice.

 

I try to adhere to the "do no harm" ethic when there's several of us contributing.

That is, when I post my advice, I try not to detract from anyone else's advice.


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

BC AdBot (Login to Remove)

 


#62 anonanon

anonanon
  • Topic Starter

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:12 PM

Posted 29 December 2016 - 11:37 AM

shadow_647,

 

Thanks for chiming in to this discussion.

 

Sorry about the DOC file I attached previous.  I've attached two JPEGs showing the processor explorer results to this email.  If that doesn't work for you, I'll deal with postimage, but I'd rather not create an account there for a one-time use.

 

Roger

Attached Files

  • Attached File  pe1.jpg   160.05KB   0 downloads
  • Attached File  pe2.jpg   151.58KB   0 downloads


#63 shadow_647

shadow_647

  • Banned
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 PM

Posted 29 December 2016 - 03:01 PM

interesting.............

 

Should have asked you to do this before, my bad, but you seem to have a lot of SVChost.exe action going on, lets see if we have any spys going on in their and who is using the network.

 

First lets verify some processes, open up process explorer and go to the top right, click on options and check off the verify image signatures, it will need the internet at this point to check things, let it get pass your firewall.

 

pe1.jpg

 

next "top right" click on view ~ select columns, select process network tab and click on receives / sends / receive bytes / send bytes.

 

pe2.jpg

 

pe3.jpg

 

pe4.jpg

 

All the SVChost.exe should check out and verify , if any don't then their fake, as well now you can see whats phoning home and using the network.

 

Keep an eye on that topic, malware loves to phone home or camp open ports so as to wait for orders, why do this, don't know but this is how one checks for trojen and virus action the hardway when automated ways of detecting problems fail and don't find anything.

 

And last if you want to humor me, click on start/run ~ enter "cmd.exe", a window should open up, this is old command line what kind of replaced good old DOS 6.22

 

Type in netstat -anob and press enter, take a screen shot of that plz.

Make shoure when you do this if possable to close everything down that uses networks.

 

Report any odd network action you see and whats doing it.

 

Ps my self id give that computer a good clean, might be all thats going on.

 

 



#64 anonanon

anonanon
  • Topic Starter

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:12 PM

Posted 29 December 2016 - 04:09 PM

I followed your instructions.

 

All the svchost.exe processes came back as Verified (Microsoft Windows Component Publisher).

 

When I added the columns for send and receive bytes, etc., some of those processes got numbers, others remained blank.

 

Attached are screenshots of what the netstat -anob command produced.

 

I can't object to a good cleaning, but when this problem first occurred, I tried that with the tools I was using then -- MSSE, Malwarebytes, and Spybot Search and Destroy.  They found nothing, or nearly nothing, and had no effect on the intermittent problem.  But I'm willing to try again.  Which tools do you recommend?

 

Roger

 

 

Attached Files



#65 shadow_647

shadow_647

  • Banned
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 PM

Posted 29 December 2016 - 05:28 PM

All the svchost.exe processes came back as Verified (Microsoft Windows Component Publisher).

 

Probably means their real, so good news here.

 

When I added the columns for send and receive bytes, etc., some of those processes got numbers, others remained blank.

 

Ones that are blank aren't doing anything on the network, ones that are are the ones to keep your eye on as they might be phoning home.

 

I can't object to a good cleaning, but when this problem first occurred, I tried that with the tools I was using then -- MSSE, Malwarebytes, and Spybot Search and Destroy.  They found nothing, or nearly nothing, and had no effect on the intermittent problem.  But I'm willing to try again.  Which tools do you recommend?

 

By cleaning i meant removing hardware and cleaning it with electronic contact cleaner or in a pinch you can use rubbing alcohol or zippo fuel as well as reseating all hardware a feu times, didn't mean clean as is looking for virus/malware action with software.

Remember to let the computer dry some depending what you use to clean things with, some of the liquids can catch fire with one spark, best to let it dry before powering up the computer, depending what you use this doesn't take long in any case.

 

After that the next faze is to stress test the computer to see if a clean changed anything, main problem you have from what i understand is the computer is unstable.

 

After that if its still a problem i would under-clock the system as well as put the bios in to safe mode, this is to check for electromigration, you see as different parts of the computer get old sometimes they cant hold the same speed that they one were able to hold, giving a little more volts or slowing em down a little or better cooling are the ways to fix this problem, or just out right changing parts.

 

https://en.wikipedia.org/wiki/Electromigration

 

Remember when you do this to remove the power cord from the computer and wait 10 sec before touching anything  and to touch the computer case one with your finger so as to remove static from your body.

At the same time look for any sines of damage to anything as well as check for bad caps.

 

https://en.wikipedia.org/wiki/Capacitor_plague

 

btw in your netstat pics you have something called capturescreenshot.exe port 80 ip 216.58.219.206

 

https://who.is/whois-ip/ip-address/216.58.219.206

 

Don't know what that douse but it seems like Google Inc spyware to me and i relly don't like what its called, you all so have a lot of stuff running in your network stack including but not limited too the scary net-bios ports.

 

https://www.grc.com/port_137.htm

 

If your not sharing files on a network "lan" i would recommend you turn the ports 137,138,138,445 off, their like hacker city ports.

 

Was wondering as well what firewall are you using ?

 

As well this might be of some use to you seeing as your still in winxp as i am.

 

https://www.bleepingcomputer.com/forums/t/634849/services-to-remove-from-win-xp/


Edited by shadow_647, 29 December 2016 - 11:42 PM.


#66 anonanon

anonanon
  • Topic Starter

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:12 PM

Posted 11 February 2017 - 02:54 PM

Dear All,

 

I have a new working hypothesis:  that the highly intermittent freezes and BSODs have been due to an instability in the Windows XP OS caused by trying to operate programs before the OS have fully started up.  The freezes have always occurred within the first 5-10 minutes of a fresh startup.  For the last 3 weeks, I've been waiting longer before opening any programs, and did not have any of these freezeups.

 

I'll post again in a few months if this proves to be a long-term solution.

 

Roger






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users