BSOD "page fault in nonpaged area"  0x00000050

Posted on 2007-08-04
Last Modified: 2013-11-17
BSOD "page fault in nonpaged area" on a Toshiba G30 laptop with 1G ram. XP SP2. Event viewer says "The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xb6a26070, 0x00000001, 0x804da12e, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP." Can't get any further than safe mode. No new hardware / software etc. Please help asap.
Question by:Rodgibbo1
    LVL 32

    Expert Comment

    If you are able to get into safe mode then it is probably a buggy or malicious(read virus or trojan) driver causing the issue.
    While in safe mode check the event viewer in the control panel-->administrative tools for indications of what may be implicated. Post any recent events marked red, here.

    Here are some 0x50 troubleshooting guidelines.


    Author Comment

    Event viewer says "The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xb6a26070, 0x00000001, 0x804da12e, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP."
    LVL 13

    Expert Comment

    LVL 13

    Expert Comment

    Take a look in the red line and try the solution:

    Hope this help ....

    Author Comment

    Yeah have tried all these - still no joy. There were no malicious drivers detected.
    LVL 5

    Accepted Solution

    This can also be caused by a failing hard drive, or bad sectors on the drive.. If possible, runa  chkdsk /r and reboot.
    If you have any hard drive test software that you can boot from, I'd recommend it.
    LVL 5

    Expert Comment

    If you can't boot at all, try to press F8 at the startup and go into safe mode command prompt only. This will let you run the chkdsk /r

    Author Comment

    Havent tried that yet. Thanks. Will keep you posted.

    Author Comment

    Ran CHKDSK in safe mode. rebooted and got same BSOD with same error - 0x00000050 (0xb6a26070, 0x00000001, 0x804da12e, 0x00000000)
    LVL 47

    Expert Comment

    If you have access to another pc to download a file.

    Try running this tool in safe mode.
    Download SDFix and save it to your desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    *  Instead of Windows loading as normal, a menu with options should appear;
    *  Select the first option, to run Windows in Safe Mode, then press "Enter".
    *  Choose your usual account.

    *  Open the extracted folder and double click "RunThis.bat" to start the script.
    *  Type "Y" to begin the script.
    *  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    *  Press any Key and it will restart the PC.
    *  Your system will take longer that normal to restart as the fixtool will be running and removing files.
    *  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
    *  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back

    Or, this one maybe, or a Hijackthis log
    Download ComboFix to your Desktop, from either of these locations:

    Double click "combofix.exe" and follow the prompts.
    When finished, it shall produce a log for you.
    Post that log and a HiJackthis log in your next reply

    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

    Author Comment

    OK gamergirl. 3.30am pacific time though. Will sleep on it and get back to you.
    LVL 29

    Expert Comment

    by:Alan Huseyin Kayahan
             Please upload that dmp file to for us to analyze

    LVL 31

    Expert Comment

    Sometimes the error you describe is related to the swap file (page file). One possible test as part of the troubleshooting, is to remove the swap file and then re-create one, using a (not too big) fixed size for it. That will probably cause it to use other parts of disk surface and it may help. A thorough hard drive test, as suggested already, is of course of the essence. Chkdsk is not the right tool for this; AFAIK. It checks the file system but not the surface, I think.

    Author Comment

    Can i do a harddrive test in safe mode ?
    If so, whats the best online harddrive test i can get (are there any good ones that are free)
    LVL 31

    Assisted Solution

    A hard drive test is normally done with the use of a bootable media and each HD manufacturer will probably have a utility for download - for free. The "Ultimate Boot CD" incorporates several tools for testing HDs. That's a bootable CD that you make yourself after downloading (for free) an image file (.iso); see this site:

    LVL 13

    Expert Comment

    by:lauchangkwang               Drive Fitness Test               Maxtor & Quantum Fujitsu     Samsung               Seagate                    Western Digital             IBM & Hitachi  DFT

    You can have a try for that software provided by the manufacturer (base on your HD manufacturer) .... hope that help ...... And make sure you backup those important files before you test it out.

    Author Comment

    Yo gamergirl,
    Here's the report txt from SDFix:
    SDFix: Version 1.95
    Run by Rod on Mon 06/08/2007 at 03:38 p.m.
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    Safe Mode:
    Checking Services:
    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    LVL 47

    Expert Comment

    Is that all? that doesn't seem right, even if it didn't find anything that report is awfully short and looks incomplete, :)

    You've ruled-out hardware/software or driver issues?
    Can you try and run another tool?
    Download ComboFix to your Desktop, from either of these locations:

    Double click "combofix.exe" and follow the prompts.
    When finished, it shall produce a log for you.
    Post that log and a HiJackthis log in your next reply

    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

    Author Comment

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:18:27 a.m., on 7/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
    O4 - HKLM\..\RunOnce: [SDFix] C:\SDFix\RunThis.bat /second
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    ComboFix 07-08-04.3 - "Rod" 2007-08-07  8:04:35.1 [GMT 12:00] - NTFS [SAFE MODE]
    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.True

    (((((((((((((((((((((((((   Files Created from 2007-07-06 to 2007-08-06  )))))))))))))))))))))))))))))))

    2007-08-07 08:04      51,200      --a------      C:\WINDOWS\nircmd.exe
    2007-08-06 15:20      <DIR>      d--------      C:\WINDOWS\ERUNT
    2007-08-03 08:08      <DIR>      d--------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-08-03 08:06      <DIR>      d--------      C:\Program Files\VideoCAM Eye
    2007-08-03 08:06      <DIR>      d--------      C:\Program Files\Common Files\VCAMEye
    2007-08-03 08:04      <DIR>      d--------      C:\Program Files\Common Files\DirectX
    2007-08-02 14:18      <DIR>      d--hs----      C:\WINDOWS\CSC
    2007-08-01 17:00      7,077,888      --a------      C:\DOCUME~1\Rod\ntuser.dat
    2007-07-31 15:15      <DIR>      d--------      C:\Program Files\iTunes
    2007-07-31 15:13      <DIR>      d--------      C:\Program Files\Common Files\Apple
    2007-07-31 15:07      <DIR>      d--------      C:\Program Files\QuickTime
    2007-07-12 22:08      98,304      --a------      C:\WINDOWS\system32\rsnpstd.dll
    2007-07-12 22:08      61,440      --a------      C:\WINDOWS\system32\csnpstd.dll
    2007-07-12 22:08      53,248      --a------      C:\WINDOWS\system32\dsnpstd.dll
    2007-07-12 22:08      390,912      --a------      C:\WINDOWS\system32\drivers\snpstd.sys
    2007-07-12 22:08      36,864      --a------      C:\WINDOWS\system32\vsnpstd.dll
    2007-07-12 22:08      286,720      --a------      C:\WINDOWS\vsnpstd.exe
    2007-07-12 22:08      <DIR>      d--------      C:\WINDOWS\Album
    2007-07-08 03:09      1,100      --a------      C:\WINDOWS\system32\d3d8caps.dat

    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-07 00:14      ---------      d--------      C:\DOCUME~1\Rod\SendTo\APPLIC~1\Skype
    2007-08-04 00:27      ---------      d--------      C:\Program Files\e-Sword
    2007-08-03 08:06      ---------      d--------      C:\Program Files\Common Files\Symantec Shared
    2007-07-31 19:33      ---------      d--------      C:\DOCUME~1\Rod\SendTo\APPLIC~1\Apple Computer
    2007-07-31 15:15      ---------      d--------      C:\Program Files\iPod
    2007-07-26 20:20      ---------      d--------      C:\DOCUME~1\Rod\SendTo\APPLIC~1\Canon
    2007-07-17 11:13      ---------      d--------      C:\Program Files\Norton Internet Security
    2007-07-13 11:13      43520      --a------      C:\WINDOWS\system32\CmdLineExt03.dll
    2007-07-12 22:08      ---------      d--h-----      C:\Program Files\InstallShield Installation Information
    2007-07-05 15:41      ---------      d--------      C:\Program Files\EA GAMES
    2007-06-18 00:40      4581246      --a------      C:\WINDOWS\Screensaver-Slideshow.scr
    2007-06-17 14:36      ---------      d--------      C:\Program Files\Smart PDF Converter
    2007-06-16 15:20      ---------      d--------      C:\DOCUME~1\Rod\SendTo\APPLIC~1\SolidDocuments
    2007-06-16 14:05      ---------      d--------      C:\Program Files\SolidDocuments
    2007-06-16 01:08      ---------      d--------      C:\Program Files\VeryPDF PDF2Word v3.0
    2007-06-13 11:36      ---------      d--------      C:\Program Files\FLVPlayer
    2007-06-13 11:30      ---------      d--------      C:\Program Files\FLV Player
    2007-05-17 03:12      86528      -----c---      C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-17 03:12      85504      -----c---      C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-17 03:12      683520      --a------      C:\WINDOWS\system32\inetcomm.dll
    2007-05-17 03:12      683520      -----c---      C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-17 03:12      510976      -----c---      C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-17 03:12      1314816      -----c---      C:\WINDOWS\system32\dllcache\msoe.dll
    2006-08-02 14:25      2327233      --a------      C:\Program Files\audacity-win-1.2.4b.exe
    2006-05-26 20:22      45511810      --a------      C:\Program Files\NIS06910AP_2YR.exe
    2006-05-12 00:01      2719485      --a------      C:\Program Files\amp.exe
    2003-07-25 11:38      132096      --a------      C:\Program Files\Common Files\PCSBoff.exe

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown

    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 09:56]
    "00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-03-01 20:43]
    "000StTHK"="000StTHK.exe" [2001-06-24 00:28 C:\WINDOWS\system32\000StTHK.exe]
    "TFNF5"="TFNF5.exe" [2005-12-09 13:36 C:\WINDOWS\system32\TFNF5.exe]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 12:13]
    "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 16:43]
    "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-18 07:42]
    "NDSTray.exe"="NDSTray.exe" []
    "TPSMain"="TPSMain.exe" [2005-12-06 20:25 C:\WINDOWS\system32\TPSMain.exe]
    "TPSODDCtl"="TPSODDCtl.exe" [2005-12-06 20:25 C:\WINDOWS\system32\TPSODDCtl.exe]
    "TFncKy"="TFncKy.exe" []
    "Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-10-01 05:47]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-07 01:20]
    "PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2005-12-22 17:29]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-09 20:18]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-09 05:58]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-10 08:00]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-27 14:55]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 06:29 C:\WINDOWS\agrsmmsg.exe]
    "SigmatelSysTrayApp"="stsystra.exe" []
    "McDiags AutoLaunch"="" []
    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
    "SDFix"="C:\SDFix\RunThis.bat /second" []

    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 20:32]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 04:24]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-24 16:16]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [2006-11-23 09:11]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]

    "SDFix"=C:\SDFix\RunThis.bat /second

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-23 00:16:56]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-08 10:01:32]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-12-20 11:35:18]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    psqlpwd.dll 2005-12-22 17:42 40448 C:\WINDOWS\system32\psqlpwd.dll

    "Notification Packages"= scecli psqlpwd

    R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys
    R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
    R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
    R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
    R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
    R0 Vax347b;Vax347b;C:\WINDOWS\system32\DRIVERS\Vax347b.sys
    R0 Vax347s;Vax347s;C:\WINDOWS\system32\Drivers\Vax347s.sys
    R1 meiudf;meiudf;C:\WINDOWS\system32\Drivers\meiudf.sys
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
    R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
    R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
    R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
    S1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
    S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfcom.sys
    S2 FdRedir;FdRedir;\??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
    S2 FileDisk2;FileDisk Protector Kernel Driver;\??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
    S2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\netdevio.sys
    S2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
    S2 smihlp;SMI helper driver;\??\C:\Program Files\Protector Suite QL\smihlp.sys
    S2 TOS_SPS;TOSHIBA SPS Driver;\??\C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys
    S3 CE3;Xircom Ethernet Adapter 10/100 Service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
    S3 E100B;Intel(R) PRO Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
    S3 lredbooo;lredbooo;\??\C:\DOCUME~1\Rod\LOCALS~1\Temp\lredbooo.sys
    S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
    S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
    S3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
    S3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
    S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys
    S3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
    S3 toshidpt;TOSHIBA Bluetooth HID port driver;C:\WINDOWS\system32\drivers\Toshidpt.sys
    S3 tosporte;Bluetooth Port Driver from Toshiba;C:\WINDOWS\system32\DRIVERS\tosporte.sys
    S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbd.sys
    S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbnp.sys
    S3 Tosrfhid;Bluetooth RFHID from TOSHIBA;C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
    S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
    S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA;C:\WINDOWS\system32\drivers\TosRfSnd.sys
    S3 Tosrfusb;Bluetooth USB Controller;C:\WINDOWS\system32\Drivers\tosrfusb.sys
    S3 ttv300x;TOSHIBA PCI TV Tuner;C:\WINDOWS\system32\drivers\ttv300x.sys
    S3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys

    *Newly Created Service* - COMHOST

    Contents of the 'Scheduled Tasks' folder
    2007-07-31 03:03:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-07-20 09:06:14 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Rod.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe


    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
    Rootkit scan 2007-08-07 08:07:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    "DisplayName"="Alcohol 120"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    Completion time: 2007-08-07  8:07:35

    LVL 31

    Expert Comment

    Stunning. I can only say that the amount of HKLM\...\Run  and HKCU\....\Run keys is just huge. I usually aim for <5 such entries. The possibility of a software incompatibility is not unthinkable here. Some sort of cleanout would be my first move.

    Author Comment

    OK. I'm fully ignorant. Talk me through "cleanout".
    LVL 31

    Expert Comment

    OK, I'm a bit rabid when it comes to autostarting items, which is what those entries are. My view may not be representative of the normal view among windows users. However, the principle is that you identify the crucial processes (for a laptop, that would in my view include the touchpad driver (SyntpEnh), the wireless driver if you are on wireless network, and the antivirus) and then you delete the rest of the keys.

    However, messing with the registry may cause odd effects; if something important is removed from here, some functions you like may disappear. I can't expand on this until later today, so perhaps someone with a more sensible view on autostart may be able to helt you before that.

    Assisted Solution

    Pagefault in nonpaged area, means a page fault in memory (RAM). This excludes the harddrive. Spyware or other malware is a possibility. But more ovius it the possibilty of RAM failure. If you have more than one RAM module installed try to remove one and see if the failure is persistant. mIf so try to switch the modules arround. This kind of problem could also come fro a overheating problem try cleaning fans and air outlets of the computer.

    Expert Comment

    I concur with last post, I've found these to generally be RAM related.  Crack the case, clean the board, if more than one RAM module; try booting with one stick at a time, make sure both sticks are ID'd in the BIOS, delete the page file and then recreate it.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Suggested Solutions

    How can this article save you time AND money?  In just a few minutes you may discover something you didn't know existed that is easy enough for you to fix yourself!
    Lithium-ion batteries area cornerstone of today's portable electronic devices, and even though they are relied upon heavily, their chemistry and origin are not of common knowledge. This article is about a device on which every smartphone, laptop, an…
    The viewer will learn how to download and install Comodo Backup on Windows 7. Comodo Backup is another solution for backing up your computer. It is free for local backup and online backup has differing amounts depending on storage required. In my op…
    The viewer will learn how to back up with the free utility from runtime software, DriveImageXML using Windows 8. Download DriveImageXML from Open folder where it was saved: Start installation by double clicking the install scrip…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now