Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

BSOD "page fault in nonpaged area"  0x00000050

Posted on 2007-08-04
27
Medium Priority
?
22,870 Views
Last Modified: 2013-11-17
BSOD "page fault in nonpaged area" on a Toshiba G30 laptop with 1G ram. XP SP2. Event viewer says "The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xb6a26070, 0x00000001, 0x804da12e, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP." Can't get any further than safe mode. No new hardware / software etc. Please help asap.
0
Comment
Question by:Rodgibbo1
  • 9
  • 4
  • 3
  • +6
24 Comments
 
LVL 32

Expert Comment

by:Mark
ID: 19630521
If you are able to get into safe mode then it is probably a buggy or malicious(read virus or trojan) driver causing the issue.
While in safe mode check the event viewer in the control panel-->administrative tools for indications of what may be implicated. Post any recent events marked red, here.

Here are some 0x50 troubleshooting guidelines. http://www.aumha.org/a/stop.php#0x50

0
 

Author Comment

by:Rodgibbo1
ID: 19630541
Event viewer says "The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xb6a26070, 0x00000001, 0x804da12e, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP."
0
 
LVL 13

Expert Comment

by:lauchangkwang
ID: 19630562
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 13

Expert Comment

by:lauchangkwang
ID: 19630574
Take a look in the red line and try the solution:
http://support.microsoft.com/?kbid=894278&sd=RMVP

Hope this help ....
0
 

Author Comment

by:Rodgibbo1
ID: 19630706
Yeah have tried all these - still no joy. There were no malicious drivers detected.
0
 
LVL 5

Accepted Solution

by:
thecomputerdocs earned 672 total points
ID: 19631124
This can also be caused by a failing hard drive, or bad sectors on the drive.. If possible, runa  chkdsk /r and reboot.
If you have any hard drive test software that you can boot from, I'd recommend it.
0
 
LVL 5

Expert Comment

by:thecomputerdocs
ID: 19631129
If you can't boot at all, try to press F8 at the startup and go into safe mode command prompt only. This will let you run the chkdsk /r
0
 

Author Comment

by:Rodgibbo1
ID: 19631131
Havent tried that yet. Thanks. Will keep you posted.
0
 

Author Comment

by:Rodgibbo1
ID: 19631173
Ran CHKDSK in safe mode. rebooted and got same BSOD with same error - 0x00000050 (0xb6a26070, 0x00000001, 0x804da12e, 0x00000000)
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 19631214
Hi,
If you have access to another pc to download a file.

Try running this tool in safe mode.
Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back


Or, this one maybe, or a Hijackthis log
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
0
 

Author Comment

by:Rodgibbo1
ID: 19631247
OK gamergirl. 3.30am pacific time though. Will sleep on it and get back to you.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 19631637
         Please upload that dmp file to www.ee-stuff.com for us to analyze

Regards
0
 
LVL 31

Expert Comment

by:rid
ID: 19634827
Sometimes the error you describe is related to the swap file (page file). One possible test as part of the troubleshooting, is to remove the swap file and then re-create one, using a (not too big) fixed size for it. That will probably cause it to use other parts of disk surface and it may help. A thorough hard drive test, as suggested already, is of course of the essence. Chkdsk is not the right tool for this; AFAIK. It checks the file system but not the surface, I think.
/RID
0
 

Author Comment

by:Rodgibbo1
ID: 19635136
Can i do a harddrive test in safe mode ?
If so, whats the best online harddrive test i can get (are there any good ones that are free)
0
 
LVL 31

Assisted Solution

by:rid
rid earned 664 total points
ID: 19635172
A hard drive test is normally done with the use of a bootable media and each HD manufacturer will probably have a utility for download - for free. The "Ultimate Boot CD" incorporates several tools for testing HDs. That's a bootable CD that you make yourself after downloading (for free) an image file (.iso); see this site: http://www.ultimatebootcd.com/download.html

/RID
0
 
LVL 13

Expert Comment

by:lauchangkwang
ID: 19635773
http://www.hitachigst.com/hdd/support/download.htm               Drive Fitness Test
http://www.maxtor.com/en/support/products/index.htm               Maxtor & Quantum
http://www.fcpa.fujitsu.com/support/hard-drives/software_utilities.html#diagnostic Fujitsu
http://www.samsung.com/Products/HardDiskDrive/utilities/shdiag.htm     Samsung
http://www.seagate.com/support/seatools/index.html               Seagate
http://support.wdc.com/download/#diagutils                    Western Digital
http://www.hgst.com/hdd/support/download.htm             IBM & Hitachi  DFT

You can have a try for that software provided by the manufacturer (base on your HD manufacturer) .... hope that help ...... And make sure you backup those important files before you test it out.
0
 

Author Comment

by:Rodgibbo1
ID: 19636309
Yo gamergirl,
Here's the report txt from SDFix:
SDFix: Version 1.95
Run by Rod on Mon 06/08/2007 at 03:38 p.m.
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 19637827
Is that all? that doesn't seem right, even if it didn't find anything that report is awfully short and looks incomplete, :)

You've ruled-out hardware/software or driver issues?
Can you try and run another tool?
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
0
 

Author Comment

by:Rodgibbo1
ID: 19641315
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:27 a.m., on 7/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148279489703
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


combofix
ComboFix 07-08-04.3 - "Rod" 2007-08-07  8:04:35.1 [GMT 12:00] - NTFS [SAFE MODE]
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.True


(((((((((((((((((((((((((   Files Created from 2007-07-06 to 2007-08-06  )))))))))))))))))))))))))))))))


2007-08-07 08:04      51,200      --a------      C:\WINDOWS\nircmd.exe
2007-08-06 15:20      <DIR>      d--------      C:\WINDOWS\ERUNT
2007-08-03 08:08      <DIR>      d--------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-03 08:06      <DIR>      d--------      C:\Program Files\VideoCAM Eye
2007-08-03 08:06      <DIR>      d--------      C:\Program Files\Common Files\VCAMEye
2007-08-03 08:04      <DIR>      d--------      C:\Program Files\Common Files\DirectX
2007-08-02 14:18      <DIR>      d--hs----      C:\WINDOWS\CSC
2007-08-01 17:00      7,077,888      --a------      C:\DOCUME~1\Rod\ntuser.dat
2007-07-31 15:15      <DIR>      d--------      C:\Program Files\iTunes
2007-07-31 15:13      <DIR>      d--------      C:\Program Files\Common Files\Apple
2007-07-31 15:07      <DIR>      d--------      C:\Program Files\QuickTime
2007-07-12 22:08      98,304      --a------      C:\WINDOWS\system32\rsnpstd.dll
2007-07-12 22:08      61,440      --a------      C:\WINDOWS\system32\csnpstd.dll
2007-07-12 22:08      53,248      --a------      C:\WINDOWS\system32\dsnpstd.dll
2007-07-12 22:08      390,912      --a------      C:\WINDOWS\system32\drivers\snpstd.sys
2007-07-12 22:08      36,864      --a------      C:\WINDOWS\system32\vsnpstd.dll
2007-07-12 22:08      286,720      --a------      C:\WINDOWS\vsnpstd.exe
2007-07-12 22:08      <DIR>      d--------      C:\WINDOWS\Album
2007-07-08 03:09      1,100      --a------      C:\WINDOWS\system32\d3d8caps.dat


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 00:14      ---------      d--------      C:\DOCUME~1\Rod\SendTo\APPLIC~1\Skype
2007-08-04 00:27      ---------      d--------      C:\Program Files\e-Sword
2007-08-03 08:06      ---------      d--------      C:\Program Files\Common Files\Symantec Shared
2007-07-31 19:33      ---------      d--------      C:\DOCUME~1\Rod\SendTo\APPLIC~1\Apple Computer
2007-07-31 15:15      ---------      d--------      C:\Program Files\iPod
2007-07-26 20:20      ---------      d--------      C:\DOCUME~1\Rod\SendTo\APPLIC~1\Canon
2007-07-17 11:13      ---------      d--------      C:\Program Files\Norton Internet Security
2007-07-13 11:13      43520      --a------      C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-12 22:08      ---------      d--h-----      C:\Program Files\InstallShield Installation Information
2007-07-05 15:41      ---------      d--------      C:\Program Files\EA GAMES
2007-06-18 00:40      4581246      --a------      C:\WINDOWS\Screensaver-Slideshow.scr
2007-06-17 14:36      ---------      d--------      C:\Program Files\Smart PDF Converter
2007-06-16 15:20      ---------      d--------      C:\DOCUME~1\Rod\SendTo\APPLIC~1\SolidDocuments
2007-06-16 14:05      ---------      d--------      C:\Program Files\SolidDocuments
2007-06-16 01:08      ---------      d--------      C:\Program Files\VeryPDF PDF2Word v3.0
2007-06-13 11:36      ---------      d--------      C:\Program Files\FLVPlayer
2007-06-13 11:30      ---------      d--------      C:\Program Files\FLV Player
2007-05-17 03:12      86528      -----c---      C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-17 03:12      85504      -----c---      C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-17 03:12      683520      --a------      C:\WINDOWS\system32\inetcomm.dll
2007-05-17 03:12      683520      -----c---      C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-17 03:12      510976      -----c---      C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-17 03:12      1314816      -----c---      C:\WINDOWS\system32\dllcache\msoe.dll
2006-08-02 14:25      2327233      --a------      C:\Program Files\audacity-win-1.2.4b.exe
2006-05-26 20:22      45511810      --a------      C:\Program Files\NIS06910AP_2YR.exe
2006-05-12 00:01      2719485      --a------      C:\Program Files\amp.exe
2003-07-25 11:38      132096      --a------      C:\Program Files\Common Files\PCSBoff.exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 09:56]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-03-01 20:43]
"000StTHK"="000StTHK.exe" [2001-06-24 00:28 C:\WINDOWS\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [2005-12-09 13:36 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 12:13]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 16:43]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-18 07:42]
"NDSTray.exe"="NDSTray.exe" []
"TPSMain"="TPSMain.exe" [2005-12-06 20:25 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-12-06 20:25 C:\WINDOWS\system32\TPSODDCtl.exe]
"TFncKy"="TFncKy.exe" []
"Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-10-01 05:47]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-07 01:20]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2005-12-22 17:29]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-09 20:18]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-09 05:58]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-10 08:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-27 14:55]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 06:29 C:\WINDOWS\agrsmmsg.exe]
"SigmatelSysTrayApp"="stsystra.exe" []
"McDiags AutoLaunch"="" []
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"SDFix"="C:\SDFix\RunThis.bat /second" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 20:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 04:24]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-24 16:16]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [2006-11-23 09:11]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SDFix"=C:\SDFix\RunThis.bat /second

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-23 00:16:56]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-08 10:01:32]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-12-20 11:35:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2005-12-22 17:42 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys
R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
R0 Vax347b;Vax347b;C:\WINDOWS\system32\DRIVERS\Vax347b.sys
R0 Vax347s;Vax347s;C:\WINDOWS\system32\Drivers\Vax347s.sys
R1 meiudf;meiudf;C:\WINDOWS\system32\Drivers\meiudf.sys
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfcom.sys
S2 FdRedir;FdRedir;\??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
S2 FileDisk2;FileDisk Protector Kernel Driver;\??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
S2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\netdevio.sys
S2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
S2 smihlp;SMI helper driver;\??\C:\Program Files\Protector Suite QL\smihlp.sys
S2 TOS_SPS;TOSHIBA SPS Driver;\??\C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys
S3 CE3;Xircom Ethernet Adapter 10/100 Service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
S3 E100B;Intel(R) PRO Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 lredbooo;lredbooo;\??\C:\DOCUME~1\Rod\LOCALS~1\Temp\lredbooo.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
S3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys
S3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
S3 toshidpt;TOSHIBA Bluetooth HID port driver;C:\WINDOWS\system32\drivers\Toshidpt.sys
S3 tosporte;Bluetooth Port Driver from Toshiba;C:\WINDOWS\system32\DRIVERS\tosporte.sys
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbd.sys
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbnp.sys
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA;C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA;C:\WINDOWS\system32\drivers\TosRfSnd.sys
S3 Tosrfusb;Bluetooth USB Controller;C:\WINDOWS\system32\Drivers\tosrfusb.sys
S3 ttv300x;TOSHIBA PCI TV Tuner;C:\WINDOWS\system32\drivers\ttv300x.sys
S3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-07-31 03:03:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-07-20 09:06:14 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Rod.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 08:07:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07  8:07:35

0
 
LVL 31

Expert Comment

by:rid
ID: 19641391
Stunning. I can only say that the amount of HKLM\...\Run  and HKCU\....\Run keys is just huge. I usually aim for <5 such entries. The possibility of a software incompatibility is not unthinkable here. Some sort of cleanout would be my first move.
/RID
0
 

Author Comment

by:Rodgibbo1
ID: 19641421
OK. I'm fully ignorant. Talk me through "cleanout".
0
 
LVL 31

Expert Comment

by:rid
ID: 19643342
OK, I'm a bit rabid when it comes to autostarting items, which is what those entries are. My view may not be representative of the normal view among windows users. However, the principle is that you identify the crucial processes (for a laptop, that would in my view include the touchpad driver (SyntpEnh), the wireless driver if you are on wireless network, and the antivirus) and then you delete the rest of the keys.

However, messing with the registry may cause odd effects; if something important is removed from here, some functions you like may disappear. I can't expand on this until later today, so perhaps someone with a more sensible view on autostart may be able to helt you before that.
Cheers
/RID
0
 

Assisted Solution

by:JacobsenDenmark
JacobsenDenmark earned 664 total points
ID: 19651986
Pagefault in nonpaged area, means a page fault in memory (RAM). This excludes the harddrive. Spyware or other malware is a possibility. But more ovius it the possibilty of RAM failure. If you have more than one RAM module installed try to remove one and see if the failure is persistant. mIf so try to switch the modules arround. This kind of problem could also come fro a overheating problem try cleaning fans and air outlets of the computer.
0
 

Expert Comment

by:lpmcginnis
ID: 19688612
I concur with last post, I've found these to generally be RAM related.  Crack the case, clean the board, if more than one RAM module; try booting with one stick at a time, make sure both sticks are ID'd in the BIOS, delete the page file and then recreate it.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Computer running slow? Taking forever to open a folder, documents, or any programs that you didn't have an issue with before? Here are a few steps to help speed it up. The programs mentioned below ALL have free versions, you can buy them if you w…
Employees depend heavily on their PCs, and new threats like ransomware make it even more critical to protect their important data.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Suggested Courses
Course of the Month20 days, 19 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question