HELP!!! On the road for business trip and laptop dying!!!


Guttboy
05-14-2007, 02:07 AM
Hi Everyone!

I am in dire straits right now. Unfortunately I do not have access to my Windows XP disk and I am not going to have access to it for 2 weeks as I'm on a business trip. My computer is getting a blue screen of death with this message in the white text on the blue screen...

PAGE_FAULT_IN_A_NONPAGED_AREA

Then below it says....

STOP: 0X00000050 (0XBAD0B148,0X00000000,0X805BA00F,0X00000002)

If anyone could let me know what is going on and a possible fix that would be great. I have 5gb HDD space and I will try to burn some stuff to DVD and see if that is the problem but I have attempted twice and I get the BSD....

PLEASE HELP!!!! I have a presentation tomorrow evening!

Thanks!!!!!!!

theonetruewill
05-14-2007, 02:08 AM
Is it doing this at startup or while you are working?

ktr
05-14-2007, 02:11 AM
perhaps memory?

Guttboy
05-14-2007, 02:13 AM
I am working when this happens....starts up fine

kwchang007
05-14-2007, 02:14 AM
I have had a problem like this in our desktop. You should do the following: download hd smart (or anything that reads SMART) and make sure the SMART readings are OK. If so then it's memory I think, but we never did anything. If there is no problem with the hd, then just burn your presentation, and use someone else's laptop (don't want your presentation to die while you're presenting it XD). Good luck with your trip man.

theonetruewill
05-14-2007, 02:22 AM
Registry check? Tuneup Utilities 2007 trial, but it could be your memory.... And that ain't good.

EDIT: a bit of a cop-out but try looking at this, read it all
http://forumz.tomshardware.com/hardware/Step-Troubleshooting-ftopict178213.html

Guttboy
05-14-2007, 03:52 AM
Not that this is the case but I went to the MS website and my error matched something for a malware rootkit bad thingy...LOL....

I am trying to see if this is indeed the case then I am going to attack the tests for the computer....

Any recommendations for free software to scan?

BTW...I did burn the presentation to DVD but until I can confirm it's safe then I may not be able to run it on another computer. I can't chance infecting another computer if this is the case.

However, knock on wood, I have NEVER received a virus/trojan etc EVER...I'm pretty anal about that stuff so if it got on the computer I have no idea how!

Any other thoughts?????

Thanks

wiak
05-14-2007, 04:04 AM
do you get "cannot read form 2x000x0010x" something in windows? then you might want to change to some more branded RAM, i can recommend OCZ's SO-DIMM, good quality!

Guttboy
05-14-2007, 04:11 AM
No...I wrote what I got for the message. Doing a full scan again with all my ad/spy/antivirus and the MS mal software removal tool.

Maybe it is ram....don't know....system has been stable for about an hour now.

Does anyone think that perhaps I didn't have enough free space on the HDD? I only had 5.8 GB free I think.

Thanks

Mussels
05-14-2007, 04:30 AM
That error is caused by data corruption.

It's either bad memory, or something corrupt on the hard drive. (dropping the laptop or a virus can cause that)

If you want to virus scan it, use the nod32 trial. If you want to test the ram, use memtest - it's a bootable CD.

As for the hard drive, run chkdsk to see if anything's wrong with it.

Oh and 5.8GB is fine, only worry if it's less than 1GB.

Guttboy
05-14-2007, 04:32 AM
Sorry for the basic questions on this but just where do I run memtest from? and chkdsk...are these just run from the Run command???? Is there a built in windows function for this?

Mussels
05-14-2007, 04:35 AM
start-> run -> cmd ok
chkdsk C: /f /r
hit Y (for yes) then enter. Restart the PC and it will check the drive.

Memtest is from www.memtest.org, download the ISO file, burn it to a CD then put the CD in your drive and restart the PC - it should boot automatically.

This will confuse you now, but hit the following keys once memtest starts to loop the right test - C 1 3 5 enter 0 (Memtest resembles dos, there is no mouse interface)

Guttboy
05-14-2007, 04:43 AM
Help with the ISO? I downloaded the file but not sure how to make it a file on the CD...I have Roxio Easy Cd/DVD creator 6.

Sorry for the lack of knowledge...drove 12 hours to get here now frazzled and confused...thanks again...this is why TPU rocks!!!!!!!

Guttboy
05-14-2007, 04:45 AM
well double clicked on the iso file in the zip and it's doing something...will keep you all posted....Thanks again!

d44ve
05-14-2007, 04:52 AM
Where are you at... I can send you an XP disk. No charge. Just hit me up on shipping when you get back.

EDIT: sorry... I didn't see you needed this fixed by tomorrow.

Did you OC your machine?

Mussels
05-14-2007, 04:53 AM
you have to burn it off as a CD... double clicking and so on won't work.

I don't know if roxio has .ISO support, as I use nero here.

Guttboy
05-14-2007, 07:16 AM
Guys....I did the chkdsk.....had to leave for a few...took a LONG time but windows booted up fine

Is there a place to check and see if it was OK like a log somewhere? When I returned it was running fine.

D44ve thanks for the offer...I may have to take you up on it tomorrow but right now still troubleshooting this beast. This is not OC'd...this is my laptop...my gamerig is OC'd and is a clean running machine!

For some reason the disk will not boot for mtest.....roxio did the iso thing but I may have to try again....down to my last 5 cds tonight....LOL.....

Thanks again and I'll be trying to work this for the next couple of hours....hopefully I can get it working right.....btw...you are all awesome for the help!

Mussels
05-14-2007, 07:17 AM
when burning an ISO file, you don't just copy it over to the CD, you need to burn it off - it's an image, not a file.

Not sure how to explain it best, I know with nero I choose open file, select the ISO and go from there - you don't burn it as a data disk (similar to burning a disk full of MP3's as opposed to a true audio CD)

wiak
05-14-2007, 07:59 AM
try to defrag your hd too
http://helpdesk.its.uiowa.edu/windows/instructions/defrag.htm

if you get the BSOD when you burn a CD/DVD, then should be the ram, as you copy some of the content into ram (buffer) etc when you burn a CD/DVD

Guttboy
05-14-2007, 08:01 AM
Ok got it running.....after 40 min I couldn't take it any longer...how long does the memtest take?....LOL......

I will attempt the rest of this in the AM...well the PM I suppose......

Thanks for the help fellas...and thanks for the suggestions...I am working this as we speak but I am going to pass out from sleep deprivation in a few.....


Regards!

Mussels
05-14-2007, 08:28 AM
memtest runs forever and ever and ever. Most errors show up in 20 passes, so if you can let it do 50 or so, you know you're safe - anything showing up in red means it's errored.

Guttboy
05-14-2007, 08:52 AM
Thanks mussels.......hitting the sack now...will let it run till I awaken....will see how she does!

Guttboy
05-15-2007, 08:13 AM
Ok....problem appears to be solved, at least for the moment! I brought the free space up on the HDD by transferring things to DVD and have about 15GB free now. I ran anti virus scan/Malicious software removal/spybot S&D/Adaware.

So far no problems.

Also did a Chkdsk and Memtest...all seem ok.

Could a large pagefile have caused this due to a lack of HDD space?

Mussels
05-15-2007, 08:25 AM
It's not very likely for a page file to cause problems.

chkdsk isn't likely to tell you if it found anything, it's not very informative like that. However, it may have fixed things and just not told you.

Guttboy
05-15-2007, 08:53 AM
Thanks mussels!!!! BTW...I really appreciate everyone's help...the presentation went off without a hitch and you all saved my butt last night! Thanks!!!!!

Guttboy
05-15-2007, 09:24 AM
Ok.....now when I close Internet Explorer I get this error sometimes.....this actually has been happening for about a month but it's back....

Any thoughts??????

http://i200.photobucket.com/albums/aa226/Guttboy/error.jpg

theonetruewill
05-15-2007, 09:27 AM
Yeah I used to get that on my old computer. One of the following sorted it out as it disappeared after I did all of these. Defrag, Registry cleanup (tuneup2007), Registry defrag(""), and the removal of certain nasties with Ad-aware.

Mussels
05-15-2007, 09:29 AM
application error - in other words it's trying to do something and failing. This could be related to say, spyware or a virus that has been removed.

Try panda activescan to search for viruses (but ignore its silly spyware/etc claims)
http://www.pandasoftware.com/products/ActiveScan.htm

Also download Hijack this, and post a log here - I can at least point out which files to remove. (odds are, something's attached to IE that shouldn't be and is no longer there - so when it tries to run it crashes IE)

Guttboy
05-15-2007, 10:16 AM
Logfile of HijackThis v1.99.1
Scan saved at 4:19:59 AM, on 5/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Temp Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SYMANT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Auto-Update Service (acautoupdate) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoup.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

wiak
05-15-2007, 10:42 AM
is it twinmos memory by any chance?
this is a memory error, I have gotten MANY of these before, it's caused by bad ram!, you can try to defrag HD, defrag Registry, run Registry Clean up with tuneup utilities 2007 http://www.tune-up.com/products/tuneup-utilities/

Darknova
05-15-2007, 10:58 AM
I constantly get that, and have done for the past 3 or 4 months. Happens with IE, any Source game, and explorer. I have tried absolutely everything and it has come down to one thing, the memory. The problem is that for some reason the memory is producing an error that won't let it read the part of the memory it needs. The only solution is to replace the memory, and I haven't been able to afford new memory so I'm stuck with the problem for at least another few weeks until I get paid enough.

Mussels
05-15-2007, 01:30 PM
Warning: I've pointed out a lot of things in the windows/system32 folder. This is the most common hidey hole for viruses. Rather than delete these files outright, please back them up somewhere safe just in case - it's possible they are legit, however unlikely.

These entries in hijack this are startup values, so deleting these doesn't remove the file - merely stops it starting with windows.

Logfile of HijackThis v1.99.1
Scan saved at 4:19:59 AM, on 5/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
well first of all, I see symantec - nortons is the devil. kiiillll it.

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\system32\spoolsv.exe
check this one - I don't think that's where the spool service runs from

C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
what's active card? I don't know this software


C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
What's ehome?

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
don't know this one - google it

C:\WINDOWS\system32\PnkBstrA.exe
virus - DEFINITELY a virus

C:\WINDOWS\system32\svchost.exe
virus - it's in the wrong directory

C:\WINDOWS\system32\dllhost.exe
virus - it's in the wrong directory

C:\WINDOWS\system32\wuauclt.exe
virus - it's in the wrong directory

C:\WINDOWS\stsystra.exe
some system tray app? definitely not stock windows.

C:\WINDOWS\system32\dla\tfswctrl.exe
don't know this one - in a suspicious place

C:\WINDOWS\system32\ctfmon.exe
don't know this one - in a suspicious place


C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
active card again



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/


O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
virus


O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
suspicious - google it

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
suspicious - google it

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
suspicious - google it

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
these two are harmless, but don't need to start with windows. safe to delete.

O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe"
two apps I don't know - strange names.

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
odd location - google it

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
some fake punkbuster thing - virus. this is only the startup value, so be sure to delete the .exe files manually.



and now i have done my work :)

Oh and don't worry about the guy who blames it on memory - you already ran memtest, I find it more reliable than people who haven't read the first half of this forum thread.
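
One way to triage a HijackThis log like the one posted above by path rather than by eye, as an added example that is not part of any post in this thread: it flags well-known Windows binary names running outside their expected directory, registrations that point at no file, and services with no vendor string. The expected-directory table assumes Windows XP installed to C:\WINDOWS, and the sample log is constructed (most lines are copied from the thread's log; the Temp\svchost.exe line and its user name are made up).

```python
import ntpath
import re

# Assumption: Windows XP installed to C:\WINDOWS, as in the posted log.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "dllhost.exe": SYSTEM32, "wuauclt.exe": SYSTEM32, "ctfmon.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# HijackThis entry lines look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")

# Constructed sample: lines copied from the thread's log, plus one made-up
# process (Temp\svchost.exe) to show what a wrong-directory hit looks like.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\user\Local Settings\Temp\svchost.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_procs = True
        elif not line:
            in_procs = False              # a blank line ends the process list
        elif (m := ENTRY_RE.match(line)):
            in_procs = False
            entries.append((m["code"], m["body"]))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (reason, item) leads to verify; none of them is a verdict."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        # Windows paths are case-insensitive, so compare lowercased.
        name = ntpath.basename(path).lower()
        folder = ntpath.normpath(ntpath.dirname(path)).lower()
        expected = EXPECTED_DIR.get(name)
        if expected and folder != expected:
            findings.append(("system-name-wrong-dir", path))
    for code, body in entries:
        if body.endswith("(no file)"):
            # Registered with IE/Windows but the target is gone.
            findings.append(("orphaned-registration", f"{code} - {body}"))
        elif code == "O23" and " - Unknown owner - " in body:
            # HijackThis could not read a vendor name for the service binary;
            # check the publisher before acting (in this thread the PnkBstr
            # services were later identified as PunkBuster's own).
            findings.append(("service-no-vendor", f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:24} {item}")
```
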

Guttboy
05-15-2007, 04:36 PM
Mussels,

So you are saying that Pnkbster is a virus? That is the program that runs to ensure the computer does not have any "hacks" when doing online gaming. Active card is software tied to a smart card reader. TomTom is for my GPS.

The other ones I am not sure how they could be viruses...not one scan has ever shown something like these.


O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
virus
http://www.justtext.com/processes-tasks/tfswshx-dll.html

Gotta run to work for a bit but that website states that this is not a virus...will check on the others....

Thanks

Mussels
05-16-2007, 12:57 AM
punkbuster doesn't run as a separate .exe file, let alone two!
NOR does it start with windows.

oh and I've seen that sonic dll before, often comes with spyware etc.

Viruses, spyware, adware - different things with different names, but every last thing shown in hijack this didn't come installed with windows - keep that in mind.

Guttboy
05-16-2007, 09:19 AM
Mussels,

According to Evenbalance it is running PnkbstrA and PnkbustrB now.

I understand what you are saying with Hijack this but I think the system is fine....all the instances of things I looked up are for legit software installed on my machine. So I expect them to be there.

Thanks for helping out!

Mussels
05-16-2007, 04:25 PM
my bad if it changed, all I know is that I have punkbuster, but it's installed with my games (BF2, for example) - and it certainly doesn't run at boot.

but yep, they looked suspicious, but I did say they might not be.
the BHO ones are the ones added to IE, and are the ones to remove to try and track down your IE crashing problems however.

JousteR
05-16-2007, 04:48 PM
Sonic dll is part of the Roxio program..
And I too have a punkbuster A & B now, never used to have, think it's a new thing..

Mussels
05-16-2007, 04:50 PM
sonic comes with roxio? good to know - and yeah, we found out punkbuster changed, now it uses those exes. don't like that to be honest, starting with windows and all.

JousteR
05-16-2007, 05:10 PM
No I don't think it should start with windows either..It should just start when needed imo..
Yeah I have a Roxio burning prog too and Roxio bought Sonic the makers of Record Now.
Record Now was a simple burning prog made by Sonic so I guess they integrated it into their own programs now..?