Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Page Fault in non-paged area [2 merged][RESOLVED]


  • This topic is locked This topic is locked

#1
JodyMac12

JodyMac12

    Member

  • Member
  • PipPip
  • 18 posts
I HAVE GONE THROUGH THE STEPS INDICATED - SCAN FOR SPYWARE WITH AD-AWARE, CWSSHREDDER & SPYBOT S & D. SCANNED FOR VIRUS, AND DONE UPDATES. DURING PROCESS OF TRYING TO DO THE DIAGNOSTICS, ALMOST ALWAYS GET 'BLUE SCREEN' INDICATING 'PAGE_FAULT_IN_NON-PAGED_AREA'. TOOK A LONG TIME TO BE ABLE TO SAVE 'HIJACK THIS LOG' - CRASHED EVERY TIME I TRIED TO SAVE IT. DOWNLOADED 'TUNE-UP UTILITIES', AND FINALLY GOT IT TO CLEAN THE REGISTRY, WAS ABLE TO SAVE LOG, AND HERE IT IS. I WANT TO SEND THIS BEFORE I CRASH AGAIN.

Logfile of HijackThis v1.99.1
Scan saved at 5:33:38 PM, on 4/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jodyadmin\My Documents\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec....ersion=10.00.13
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098574630358
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15369B46-5771-4F90-99F9-9C29F6338C7A}: NameServer = 68.168.160.2,68.168.160.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{15369B46-5771-4F90-99F9-9C29F6338C7A}: NameServer = 68.168.160.2,68.168.160.5
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: FileSaver_Service - Unknown owner - C:\Program Files\Energizer FileSaver\UPSMON_Service.Exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
  • 0

Advertisements


#2
JodyMac12

JodyMac12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
i posted a 'hi-jack this' log on 4/15/2005, have not gotten a response to that yet. since then, i am not having the same crash issue, but there is stil a problem of some kind. if i 'scan for hardware changes', i always get a message indicating 'found new hardware - distributed link tracking client', then that is followed by a message indicating 'a problem occurred during hardware installation, your new hardware may not work properly". i haven't installed any new hardware, and i don't know what a distributed link tracking client is - can someone help me?




These posts now closed in favour of the latest: http://www.geekstogo...ndpost&p=104253

Edited by Crustyoldbloke, 03 May 2005 - 01:08 PM.

  • 0

#3
JodyMac12

JodyMac12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hello -
forgive me if i'm too impatient - i just don't have a feel for how this works. I posted a 'hijack this' log on 4/15/2005, and a follow-up on 4/25/2005. When i posted the 2nd post, the 2 posts were combined. At about that time, it started to indicate that i had gotten 1 reply, but i can't find that - was there really a reply, or is that a result of having the 2 posts combined? have a lost the reply somehow? It seems like others get answers in less time than i've been waiting - is this just luck of the draw, or is my problem that bad? please advise if i should continue to wait for a reply...
  • 0

#4
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello Jody Mac12 and welcome to Geeks to Go.

Apologies for it taking so long to get to you, but the forums have been busy of late. You log is a little old now so we'll do a general clean up fist and then I'll sort out the rest. If you are ready, let’s get fixing!

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

CCleaner
Ewido Security Suite

Install Ewido Security Suite (it is a 14-day trial version of the programme).
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The programme will prompt you to update click the OK button
  • The programme will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the programme scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop and include it in your reply.
There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, Analyze, Run Cleaner. You may be fairly surprised by how much it finds.

Post back a fresh HijackThis log and also an Uninstall Log:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click Save List (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

and I will take another look.

Edited by Crustyoldbloke, 03 May 2005 - 01:10 PM.

  • 0

#5
JodyMac12

JodyMac12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Crusty -

thanks so much for the response! i ran the 'ewido' scan and did the cc cleaner, as you instructed. below is the latest HJT log and the uninstall log. i also have copies of event logs and the like that i have been saving over the past month or so when having crash / retart issues, if you think any of those would help. I look forward to hearing from you.
____________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 4:43:16 PM, on 5/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jodyadmin\My Documents\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec....ersion=10.00.13
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098574630358
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15369B46-5771-4F90-99F9-9C29F6338C7A}: NameServer = 68.168.160.2,68.168.160.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{15369B46-5771-4F90-99F9-9C29F6338C7A}: NameServer = 68.168.160.2,68.168.160.5
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

__________________________________________________________________

Ad-Aware SE Personal
Ahead Nero Burning ROM
A-O Solutions 2004A
ASUS Probe V2.21.03
AsusUpdate
CCleaner (remove only)
DiamondCS TDS-3
ewido security suite
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Lexmark Z65
LiveUpdate 2.6 (Symantec Corporation)
Microsoft Office XP Professional with FrontPage
SoundMAX
Spybot - Search & Destroy 1.3
Symantec pcAnywhere
TapeWare
TuneUp Utilities 2004
Windows Installer Clean Up
Windows Support Tools
WinZip
  • 0

#6
JodyMac12

JodyMac12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hey Crusty -
I wanted to give you an update on my situation that is sure to be relevant. Somewhere i stumbled across a reference for a windows memory diagnostic download - i got that, ran it, and found that one of the 2 512MB memory sticks installed in the computer was bad. i am currently running it on the remaining 512MB stick which checks out fine. This is enough memory to work on until i get another stick, so that part is good. i'm still not feeling like everything is fixed, though, because i still get the weird message about the distributed link tracking client (see my post dated 4/25/05). thanks in advance for any help you can give me!
  • 0

#7
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again Jody Mac12

Once again I am sending you my apologies. I am sure that I was tracking this thread as I do with all of the threads I reply to, but for some unknown reason, your thread has not been on my list.

What is the situation now? You appear to have a dodgy stick of RAM.

I can't see any malware in your HJT log or any bad programmes in your uninstall list.

If you want to send in a fresh HJT log, I will be more than happy to look at it, and rest assured I am ensuring that this thread is on my subscription list.

Edited by Crustyoldbloke, 25 May 2005 - 08:24 AM.

  • 0

#8
JodyMac12

JodyMac12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OK Crusty -
Thanks for getting back to me. Taking out the bad memory stick has helped out a lot, but i'm still uncomfortable with the current situation because of the 'distributed link tracking client' weirdness detailed in my post dated 4/25/2005. Maybe it's nothing to worry about, but i'd feel better if i could get it to stop doing that. I went ahead and did another HJT log, and it is attached. Please let me know what you think the deal is with the 'distributed link tracking client'. For the record, I've tried disabling the service, enabling the service, etc - i get the same message whether the service is enabled or disabled...Thanks again for your help!

Logfile of HijackThis v1.99.1
Scan saved at 12:16:23 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jodyadmin\My Documents\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec....ersion=10.00.13
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098574630358
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15369B46-5771-4F90-99F9-9C29F6338C7A}: NameServer = 68.168.160.2,68.168.160.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{15369B46-5771-4F90-99F9-9C29F6338C7A}: NameServer = 68.168.160.2,68.168.160.5
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE
  • 0

#9
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again Jody

Here's some interesting reading on the subject of distributed link tracking client.

http://www.theelderg...king_client.htm

Also please note that this entry in your HJT log falls under the optional status:

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

Research shows that it is spyware, but not malicious. If you want to get rid of it, just put a check mark against the entry in HJT and click on fix checked.

The rest is clean :tazz:
  • 0

#10
JodyMac12

JodyMac12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Crusty -

I should probably just let this go, BUT, please help me understand this a little better. I read the information on the 'distributed link tracking client' at the link you gave me - in fact, i had even found this earlier in the process. Based on that info, and because this service runs on all the other machines in our little 5 computer network, i do not plan to remove (or disable) the service on the machine in question. Here's what i can't get past, though: this is the only machine that gives me the 2 error messages when i 'scan for hardware changes'. see post dated 4/25/2005. what is causing these error messages on this machine, when i don't get them on any others? I am particularly concerned with this machine because it functions as our server - all our shared files are stored & backed up on the quirky machine...I want it to be the most reliable...Thanks again...
  • 0

#11
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again

I would suggest placing this question on either the XP forum or Networking forum to find someone better qualified than myself to answer your query. The only thing I can say is it is not malware related.

I would suggset that you make this a fresh topic rather than dragging this thread over by requesting it to be moved.

I'll leave this thread open for a few days just in case anything untoward should occur.
  • 0

#12
JodyMac12

JodyMac12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks, Crusty -

I'll try the XP forum first...
  • 0

#13
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP