Blue screen random

#1
i have blue screens very often....
please help


This is the message on the blue screen:
PAGE_FAULT_IN_NONPAGED_AREA


And i find this on net about this message:
Faulty hardware, including RAM (system, video, or L2 cache)
 


Attachments

Last edited:

usasma

Fantastic Member
Microsoft Community Contributor
#2
PAGE_FAULT_IN_NONPAGED_AREA is a STOP 0x50 BSOD error - and is most often caused by faulty 3rd party drivers.
More info here: BSOD Index - STOP 0x50

The uploaded files don't include all of the reports. Please rerun the data collection app so that we can perform a complete analysis: http://windows7forums.com/blue-screen-death-bsod/38837-how-ask-help-bsod-problem.html Let the app run for at least 15 minutes - and you'll know it's done when it asks you to zip up the files.

Your last 3 memory dumps show the page fault and also memory access errors.
So, the first step is to try to rule out 3rd party drivers.

Please:
1) Un-install Comodo. Enable the Windows Firewall once Comodo is removed. Make sure that you only have 1 antivirus and one firewall running. Here's a list of free antivirus': Free AntiVirus
2) Un-install DaemonTools/Alcohol software using this procedure:
Daemon Tools (and Alcohol % software) are known to cause BSOD's on some Win7 systems (mostly due to the sptd.sys driver, although I have seen dtsoftbus01.sys blamed on several occasions).
Please un-install the program, then use the following free tool to ensure that the troublesome sptd.sys driver is removed from your system (pick the 32 or 64 bit system depending on your system's configuration): [DEL] DuplexSecure - FAQ [/DEL] Link broken as of 21 Jul 2012
New link (15 Aug 2012): DuplexSecure - Downloads (pick the appropriate version for your system and select "Un-install" when you run it).
Alternate link: Disc-Tools.com
Manual procedure here: Registry and SPTD problems | DAEMON Pro Help
3) Update your ATI video drivers to the latest version available from Global Provider of Innovative Graphics, Processors and Media Solutions | AMD
4) Update the rest of the older drivers listed below:

Please update these older drivers. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable! :

AtiPcie.sys Tue May 5 11:00:22 2009 (4A005486)
ATI PCIE Driver for ATI PCIE chipset or [br] ATI PCI Express (3GIO) Filter[br]Found in my ATI video drivers (I have an Intel chipset)
http://www.carrona.org/drivers/driver.php?id=AtiPcie.sys

RtHDMIVX.sys Wed May 20 06:04:50 2009 (4A13D5C2)
Realtek HD Audio sound driver
http://www.carrona.org/drivers/driver.php?id=RtHDMIVX.sys

Rt64win7.sys Fri May 22 10:52:30 2009 (4A16BC2E)
Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys

TVALZFL.sys Fri Jun 19 06:05:44 2009 (4A3B62F8)
TVALZ Filter Driver - Toshiba
http://www.carrona.org/drivers/driver.php?id=TVALZFL.sys

pgeffect.sys Mon Jun 22 05:00:11 2009 (4A3F481B)
Toshiba Universal Camera Filter driver/Pangu Effect driver
http://www.carrona.org/drivers/driver.php?id=pgeffect.sys

tos_sps64.sys Wed Jun 24 01:31:09 2009 (4A41BA1D)
Toshiba tos_sps64 Service
http://www.carrona.org/drivers/driver.php?id=tos_sps64.sys

LPCFilter.sys Tue Jun 30 19:57:52 2009 (4A4AA680)
LPC Lower Filter Driver [Toshiba]
http://www.carrona.org/drivers/driver.php?id=LPCFilter.sys

TVALZ_O.SYS Mon Jul 13 22:19:26 2009 (4A5BEB2E)
TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver
http://www.carrona.org/drivers/driver.php?id=TVALZ_O.SYS

SynTP.sys Mon Jul 20 20:07:29 2009 (4A6506C1)
Synaptic Touch Pad Driver
http://www.carrona.org/drivers/driver.php?id=SynTP.sys

dtsoftbus01.sys Fri Jan 13 08:45:46 2012 (4F10358A)
Daemon Tools driver [br] Possible BSOD issues in Win7
http://www.carrona.org/drivers/driver.php?id=dtsoftbus01.sys



Analysis:
The following is for informational purposes only.
Code:
[FONT=lucida console]**************************Mon Nov 26 02:52:21.755 2012 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\112612-20420-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: [B]7601[/B].17944.amd64fre.win7sp1_gdr.120830-0333
System Uptime:[B]0 days 0:18:05.300[/B]
BugCheck Code: [B]BugCheck 1A, {5003, fffff70001080000, 10017, 100390002006e}[/B]
Probably caused by :[B]ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+45f3d )[/B]
BugCheck Info: [B]MEMORY_MANAGEMENT (1a)[/B]
Arguments: 
Arg1: 0000000000005003, The subtype of the bugcheck.
Arg2: fffff70001080000
Arg3: 0000000000010017
Arg4: 000100390002006e
BUGCHECK_STR:  0x1a_5003
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME: [B]cmdagent.exe[/B]
FAILURE_BUCKET_ID: [B]X64_0x1a_5003_nt!_??_::FNODOBFM::_string_+45f3d[/B]
  BIOS Version                  V1.20
  BIOS Release Date             11/30/2009
  Manufacturer                  TOSHIBA
  Product Name                  Satellite L500D
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Nov 25 16:30:33.619 2012 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\112512-19921-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: [B]7601[/B].17944.amd64fre.win7sp1_gdr.120830-0333
System Uptime:[B]0 days 0:03:16.164[/B]
BugCheck Code: [B]BugCheck 50, {fffffaa0049c3184, 0, fffff880012368d9, 5}[/B]
Probably caused by :[B]Ntfs.sys ( Ntfs!NtfsCommonRead+89 )[/B]
BugCheck Info: [B]PAGE_FAULT_IN_NONPAGED_AREA (50)[/B]
Arguments: 
Arg1: fffffaa0049c3184, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff880012368d9, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000005, (reserved)
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
BUGCHECK_STR:  0x50
PROCESS_NAME: [B]WINWORD.EXE[/B]
FAILURE_BUCKET_ID: [B]X64_0x50_Ntfs!NtfsCommonRead+89[/B]
  BIOS Version                  V1.20
  BIOS Release Date             11/30/2009
  Manufacturer                  TOSHIBA
  Product Name                  Satellite L500D
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Nov 25 16:25:25.011 2012 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\112512-20373-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: [B]7601[/B].17944.amd64fre.win7sp1_gdr.120830-0333
System Uptime:[B]0 days 0:00:59.431[/B]
BugCheck Code: [B]BugCheck 1A, {5003, fffff70001080000, 78f, 7b100000f5e}[/B]
Probably caused by :[B]ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+38906 )[/B]
BugCheck Info: [B]MEMORY_MANAGEMENT (1a)[/B]
Arguments: 
Arg1: 0000000000005003, The subtype of the bugcheck.
Arg2: fffff70001080000
Arg3: 000000000000078f
Arg4: 000007b100000f5e
BUGCHECK_STR:  0x1a_5003
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME: [B]dw20.exe[/B]
FAILURE_BUCKET_ID: [B]X64_0x1a_5003_nt!_??_::FNODOBFM::_string_+38906[/B]
  BIOS Version                  V1.20
  BIOS Release Date             11/30/2009
  Manufacturer                  TOSHIBA
  Product Name                  Satellite L500D
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
[/FONT]
3rd Party Drivers:
The following is for information purposes only.
Any drivers in red should be updated or removed from your system. And should have been discussed in the body of my post.
Code:
[FONT=lucida console]**************************Mon Nov 26 02:52:21.755 2012 (UTC - 5:00)**************************
[COLOR=RED][B]AtiPcie.sys                 Tue May  5 11:00:22 2009 (4A005486)[/B][/COLOR]
[COLOR=RED][B]RtHDMIVX.sys                Wed May 20 06:04:50 2009 (4A13D5C2)[/B][/COLOR]
[COLOR=RED][B]Rt64win7.sys                Fri May 22 10:52:30 2009 (4A16BC2E)[/B][/COLOR]
[COLOR=RED][B]TVALZFL.sys                 Fri Jun 19 06:05:44 2009 (4A3B62F8)[/B][/COLOR]
[COLOR=RED][B]tos_sps64.sys               Wed Jun 24 01:31:09 2009 (4A41BA1D)[/B][/COLOR]
[COLOR=RED][B]LPCFilter.sys               Tue Jun 30 19:57:52 2009 (4A4AA680)[/B][/COLOR]
[COLOR=RED][B]TVALZ_O.SYS                 Mon Jul 13 22:19:26 2009 (4A5BEB2E)[/B][/COLOR]
[COLOR=RED][B]SynTP.sys                   Mon Jul 20 20:07:29 2009 (4A6506C1)[/B][/COLOR]
RTKVHD64.sys                Tue Jul 28 09:00:05 2009 (4A6EF655)
atikmdag.sys                Thu Jul 30 00:23:28 2009 (4A712040)
tdcmdpst.sys                Thu Jul 30 04:39:35 2009 (4A715C47)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
rtl8192se.sys               Mon Apr 26 13:23:06 2010 (4BD5CBFA)
[COLOR=RED][B]dtsoftbus01.sys             Fri Jan 13 08:45:46 2012 (4F10358A)[/B][/COLOR]
cmderd.sys                  Wed Nov  7 17:06:57 2012 (509ADB81)
inspect.sys                 Wed Nov  7 17:07:02 2012 (509ADB86)
cmdhlp.sys                  Wed Nov  7 17:07:03 2012 (509ADB87)
cmdguard.sys                Wed Nov  7 17:07:39 2012 (509ADBAB)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Nov 25 16:30:33.619 2012 (UTC - 5:00)**************************
[COLOR=RED][B]pgeffect.sys                Mon Jun 22 05:00:11 2009 (4A3F481B)[/B][/COLOR]
[/FONT]
http://www.carrona.org/drivers/driver.php?id=AtiPcie.sys
http://www.carrona.org/drivers/driver.php?id=RtHDMIVX.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=TVALZFL.sys
http://www.carrona.org/drivers/driver.php?id=tos_sps64.sys
http://www.carrona.org/drivers/driver.php?id=LPCFilter.sys
http://www.carrona.org/drivers/driver.php?id=TVALZ_O.SYS
http://www.carrona.org/drivers/driver.php?id=SynTP.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=tdcmdpst.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=rtl8192se.sys
http://www.carrona.org/drivers/driver.php?id=dtsoftbus01.sys
http://www.carrona.org/drivers/driver.php?id=cmderd.sys
http://www.carrona.org/drivers/driver.php?id=inspect.sys
http://www.carrona.org/drivers/driver.php?id=cmdhlp.sys
http://www.carrona.org/drivers/driver.php?id=cmdguard.sys
http://www.carrona.org/drivers/driver.php?id=pgeffect.sys
 


Last edited:
#3
First of all thanks for the quick answer......
Here is the file with all the reports you need.........
 


Attachments

usasma

Fantastic Member
Microsoft Community Contributor
#4
Only 105 updates since SP1 - most systems have 130 to 140. Please check at Windows Update and get ALL available updates.

Your webcam is disabled - is this deliberate? If so, why?
Please re-enable the webcam and then update it's drivers. Feel free to disable it again if you wish.

The rest of the steps remain the same as those above.

Good luck!
 


#5
i have about 169 updates.......
I re-enable my webcam and install it's drivers.....
BUT i cant do nothing with this drivers
1. TVALZ Filter Driver - Toshiba i cant find it.....
2.
Toshiba Universal Camera Filter driver/Pangu Effect driver i cant find it
3.
Toshiba tos_sps64 Service i cant find it
4.
LPC Lower Filter Driver [Toshiba] i cant find it......

anh help?
 


usasma

Fantastic Member
Microsoft Community Contributor
#6
For now, no need to get anything more recent.
What we do is watch and see if the BSOD's are fixed.
If not, then we can start working on the other drivers (in most cases it's not needed).

I strongly suspect that removing Daemon Tools and Comodo will fix things for you.
 


#7
Ok thanks my friend.........
i will wait then for the Bsod appears!!!!!!!!!!!!!!!
 


#8
The BosD appeared again......
can you check this?
 


Attachments

usasma

Fantastic Member
Microsoft Community Contributor
#9
If comfortable with regedit, do this:
Set HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\TrackPtes
to a DWORD 3 value and reboot. If the same bugcheck (STOP 0xDA) occurs again the stack trace will
identify the offending driver.
Make sure to backup/export that registry key prior to making the change (that way you can easily revert back once the BSOD's are stopped).

If unsure or not comfortable doing this, post back for more detailed instructions.
*****************************************
The installation of new video drivers has added 2 known problem drivers (AODDriver2.sys and AtiPcie.sys)
While we can prune these out manually, it'll be much easier to try this procedure (don't worry about the caution for Toshiba laptops as you've proven that you can install the default drivers anyway): ATI video cards - DRIVER ONLY installation procedure
*****************************************
When able, please run these free diagnostics: Hardware Diagnostics I'm asking for these because we see a lot of memory issues in the memory dumps (while this is usual, your errors "feel" different to me - that's why I'm asking for these tests).

Analysis:
The following is for informational purposes only.
Code:
[font=lucida console]**************************Wed Nov 28 08:23:04.688 2012 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\112812-20592-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: [B]7601[/B].17944.amd64fre.win7sp1_gdr.120830-0333
System Uptime:[B]0 days 0:21:31.233[/B]
BugCheck Code: [B]BugCheck 1A, {5005, fffff70001080000, 866, 79c}[/B]
Probably caused by :[B]ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+1ffe5 )[/B]
BugCheck Info: [B]MEMORY_MANAGEMENT (1a)[/B]
Arguments: 
Arg1: 0000000000005005, The subtype of the bugcheck.
Arg2: fffff70001080000
Arg3: 0000000000000866
Arg4: 000000000000079c
BUGCHECK_STR:  0x1a_5005
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME: [B]mscorsvw.exe[/B]
FAILURE_BUCKET_ID: [B]X64_0x1a_5005_nt!_??_::FNODOBFM::_string_+1ffe5[/B]
  BIOS Version                  V1.20
  BIOS Release Date             11/30/2009
  Manufacturer                  TOSHIBA
  Product Name                  Satellite L500D
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Nov 27 12:17:40.445 2012 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\_jcgriff2_\dbug\__Kernel__\112712-22417-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: [B]7601[/B].17944.amd64fre.win7sp1_gdr.120830-0333
System Uptime:[B]0 days 0:02:07.006[/B]
BugCheck Code: [B]BugCheck DA, {504, fffff6fc40053fb8, 1, a7f7}[/B]
Probably caused by :[B]ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+b3eb )[/B]
BugCheck Info: [B]SYSTEM_PTE_MISUSE (da)[/B]
Arguments: 
Arg1: 0000000000000504, Type of error.
Arg2: fffff6fc40053fb8
Arg3: 0000000000000001
Arg4: 000000000000a7f7
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
BUGCHECK_STR:  0xDA
PROCESS_NAME: [B]Skype.exe[/B]
FAILURE_BUCKET_ID: [B]X64_0xDA_nt!_??_::FNODOBFM::_string_+b3eb[/B]
  BIOS Version                  V1.20
  BIOS Release Date             11/30/2009
  Manufacturer                  TOSHIBA
  Product Name                  Satellite L500D
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
[/font]
3rd Party Drivers:
The following is for information purposes only.
Any drivers in red should be updated or removed from your system. And should have been discussed in the body of my post.
Code:
[font=lucida console]**************************Wed Nov 28 08:23:04.688 2012 (UTC - 5:00)**************************
[COLOR=RED][B]AtiPcie.sys        Tue May  5 11:00:22 2009 (4A005486)[/B][/COLOR]
[COLOR=RED][B]TVALZFL.sys        Fri Jun 19 06:05:44 2009 (4A3B62F8)[/B][/COLOR]
[COLOR=RED][B]pgeffect.sys       Mon Jun 22 05:00:11 2009 (4A3F481B)[/B][/COLOR]
[COLOR=RED][B]tos_sps64.sys      Wed Jun 24 01:31:09 2009 (4A41BA1D)[/B][/COLOR]
[COLOR=RED][B]LPCFilter.sys      Tue Jun 30 19:57:52 2009 (4A4AA680)[/B][/COLOR]
[COLOR=RED][B]TVALZ_O.SYS        Mon Jul 13 22:19:26 2009 (4A5BEB2E)[/B][/COLOR]
tdcmdpst.sys       Thu Jul 30 04:39:35 2009 (4A715C47)
amdiox64.sys       Thu Feb 18 10:17:53 2010 (4B7D5A21)
amdxata.sys        Fri Mar 19 12:18:18 2010 (4BA3A3CA)
rtl8192se.sys      Mon Apr 26 13:23:06 2010 (4BD5CBFA)
[COLOR=RED][B]AODDriver2.sys     Tue Mar  6 04:55:00 2012 (4F55DEF4)[/B][/COLOR]
RTKVHD64.sys       Tue Jun 19 04:50:56 2012 (4FE03D70)
atikmpag.sys       Wed Jul  4 01:10:55 2012 (4FF3D05F)
atikmdag.sys       Wed Jul  4 01:16:13 2012 (4FF3D19D)
aswrdr2.sys        Mon Oct  8 04:23:43 2012 (50728D8F)
Rt64win7.sys       Thu Oct 25 05:20:09 2012 (50890449)
SynTP.sys          Thu Oct 25 22:16:32 2012 (5089F280)
aswFsBlk.SYS       Tue Oct 30 18:43:04 2012 (509057F8)
aswMonFlt.sys      Tue Oct 30 18:43:09 2012 (509057FD)
aswTdi.SYS         Tue Oct 30 18:43:16 2012 (50905804)
aswSP.SYS          Tue Oct 30 18:44:06 2012 (50905836)
aswSnx.SYS         Tue Oct 30 18:44:08 2012 (50905838)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Nov 27 12:17:40.445 2012 (UTC - 5:00)**************************
[COLOR=RED][B]RtHDMIVX.sys       Wed May 20 06:04:50 2009 (4A13D5C2)[/B][/COLOR]
Rt64win7.sys       Fri May 22 10:52:30 2009 (4A16BC2E)
SynTP.sys          Mon Jul 20 20:07:29 2009 (4A6506C1)
RTKVHD64.sys       Tue Jul 28 09:00:05 2009 (4A6EF655)
atikmdag.sys       Thu Jul 30 00:23:28 2009 (4A712040)
[COLOR=RED][B]dtsoftbus01.sys    Fri Jan 13 08:45:46 2012 (4F10358A)[/B][/COLOR]
[/font]
http://www.carrona.org/drivers/driver.php?id=AtiPcie.sys
http://www.carrona.org/drivers/driver.php?id=TVALZFL.sys
http://www.carrona.org/drivers/driver.php?id=pgeffect.sys
http://www.carrona.org/drivers/driver.php?id=tos_sps64.sys
http://www.carrona.org/drivers/driver.php?id=LPCFilter.sys
http://www.carrona.org/drivers/driver.php?id=TVALZ_O.SYS
http://www.carrona.org/drivers/driver.php?id=tdcmdpst.sys
http://www.carrona.org/drivers/driver.php?id=amdiox64.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=rtl8192se.sys
http://www.carrona.org/drivers/driver.php?id=AODDriver2.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=aswrdr2.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=SynTP.sys
http://www.carrona.org/drivers/driver.php?id=aswFsBlk.SYS
http://www.carrona.org/drivers/driver.php?id=aswMonFlt.sys
http://www.carrona.org/drivers/driver.php?id=aswTdi.SYS
http://www.carrona.org/drivers/driver.php?id=aswSP.SYS
http://www.carrona.org/drivers/driver.php?id=aswSnx.SYS
http://www.carrona.org/drivers/driver.php?id=RtHDMIVX.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=SynTP.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=dtsoftbus01.sys
 


#10
I install the video drivers as you said in your last post........
Now for the regedit you said i reach until here...HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management..............
I cant find the Trackptes in order to change its value.........
 


usasma

Fantastic Member
Microsoft Community Contributor
#11
Right click on the Memory Management key and select "export"
Give it a name and save it to your desktop so you can reverse the changes later on.

Then, in the Memory Management key, right click on an empty space in the left-hand pane of Registry Editor
Select "New", then select "DWORD (32 bit) value"
Name it TrackPtes (Exactly as I've typed it)
Then right click on the new entry and select "Modify"
Change it to a "3" (without the quotes) and click on OK to save the new setting.
Reboot for the changes to take affect (?effect?)

Wait until we get another STOP 0xDA BSOD

Once that's done, double click on the one that you saved to your Desktop and merge it back into the registry.
Double check to make sure that the TrackPtes key is gone.
 


#12
to add on to usasma's post.

Reboot for the changes to take affect (?effect?) effect.
A few of those dumps point to a problem with your memory. Memory can be found in your Graphics Card, RAM (obviously), CPU and Hard Disk.
Try running
Memtest86+ - Advanced Memory Diagnostic Tool ---- 7 to 8 hours (or overnight)
Free Software - GIMPS ---- up to 3 hours (or until error shows)
HD Tune website ---- run for 2 to 3 days
or use usasma's hardware diagnostics here: Hardware Diagnostics

Another way to test your RAM (RAM only):
Remove all RAM sticks (except one) (be sure to turn the computer power off before doing this) and restart your computer. If it boots, that means the current RAM stick is working ok.
Repeat with all the other RAM sticks until you find one faulty.

You can also do the above process with memtest to do a more thorough check.

PAGE_FAULT_IN_NONPAGED_AREA:
Use this link: A description of the Safe Mode Boot options in Windows XP and boot into the Last known Good Configuration. (If you can't access the link:
  1. Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
  2. Select an option when the Windows Advanced Options menu appears, and then press ENTER.
  3. When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER. Last Known Good Configuration: This option starts Windows by using the previous good configuration.
Source: Microsoft Support Knowledge Base Entry No. 315222

You can also try this link: The computer may automatically restart, or you may receive a "serious error" message or a Stop error message in Windows Server 2003, in Windows XP, or in Windows 2000 to solve the problem. If that link doesn't work:
[h=3]Method 1: Rename the malicious driver by using Internet Explorer[/h]
  1. Open Internet Explorer.
  2. In the Address box, type %windir%\system32\drivers, and then press ENTER.
  3. Locate the randomly named .sys file, right-click the file, and then select Rename.
  4. Type malware.old to rename the file, and then press ENTER.
  5. In the Address box, type \WINDOWS\system32, and then press ENTER.
  6. Locate and then rename the following files, if they exist:
    • Msupd5.exe. Rename this file Msupd5.old.
    • Msupd4.exe. Rename this file Msupd4.old.
    • Msupd.exe. Rename this file Msupd.old.
    • Reloadmedude.exe. Rename this file Reloadmedude.old.
  7. Close Internet Explorer.
  8. Restart the computer.
  9. Make sure that your antivirus or anti-spyware software is updated with the latest signatures, and then perform a complete system scan.
[h=3]Method 2: In Safe Mode, rename the malicious driver by using My Computer[/h]
  1. Start the computer in Safe Mode. To do this, follow these steps:
    1. Restart the computer.
    2. As the computer starts, press the F8 key repeatedly (one time per second). This action will cause the Microsoft Windows Advanced Startup Menu options to appear.
    3. Use the UP ARROW and DOWN ARROW keys to highlight Safe Mode, and then press ENTER.
  2. Open Internet Explorer
  3. In the Address box, type %windir%\system32\drivers, and then press ENTER.
  4. Enable the viewing of hidden files. To do this, follow these steps:
    1. Click Start, and then click My Computer.
    2. On the Tools menu, click Folder Options.
    3. On the View tab, click to clear the Hide protected operating system files (Recommended) check box, and then click Yes when you receive a warning message that states that you have chosen to display protected operating system files.
    4. Under Hidden files and folders, click Show hidden files and folders.
    5. Click to clear the Hide extensions for known file types check box.
    6. In the Folder views area, click Apply to All Folders, and then click OK.
  5. Locate the folder named C:\%windir%\System32\Drivers.
  6. Locate any .sys file that has the following characteristics:
    1. A randomly generated file name that is made up of eight lowercase letters, such as "gbqxmhia.sys," "upzvlbvv.sys," or "jsbmefvk.sys"
    2. A date of January 11, 2005
    3. A size of 14 KB (13,824 bytes)
    4. A hidden attribute that is set

      Note A file that has its hidden attribute set displays an "HA" in the Attributes column in Windows Explorer. For instructions on how to view the Attributes column, see steps 5a and 5b of the procedure that is described in the "More information" section.
    5. It has no version, product name, or manufacturer information.
  7. For each file that you locate, right-click the file, and then select Rename.
  8. Type malware1.old to rename the first file, and then press ENTER.

    Note Type malware2.old to rename the second file, type malware3.old to rename the third file, and so on.
  9. Locate the %windir%\System32 folder.
  10. Rename the following files, if they exist:
    • Msupd5.exe. Rename this file msupd5.old.
    • Msupd4.exe. Rename this file Msupd4.old.
    • Msupd.exe. Rename this file Msupd.old.
    • Reloadmedude.exe. Rename this file Reloadmedude.old.
  11. Restart the computer.
  12. Make sure that your antivirus or anti-spyware software is updated with the latest signatures, and then perform a complete system scan.
[h=3]Method 3: In Safe Mode, rename the malicious driver by using the command prompt[/h]
  1. Start the computer in Safe Mode. To do this, follow these steps:
    1. Restart the computer.
    2. As the computer starts, press the F8 key repeatedly (one time per second). This action will cause the Microsoft Windows Advanced Startup Menu options to appear.
    3. Use the UP ARROW and the DOWN ARROW keys to select Safe Mode with Command Prompt, and then press ENTER.
  2. Click Start, click Run, type cmd in the Open box, and then click OK.
  3. At the command prompt, type CD %windir%\system32\drivers, and then press ENTER.
  4. Type Dir /ah, and then press ENTER.
  5. You will see text that is similar to the following text. The .sys file name will be randomly generated.

    Directory of C:\WINDOWS\system32\drivers01/11/2005 09:18 AM 13,824 gbqxmhia.sys 1 File(s) 13,824 bytes 0 Dir(s) 961,425,408 bytes free

  6. Type Attrib –s –h RandomFilename, and then press ENTER. This action removes the system attributes and the hidden attributes from the file.

    Note The placeholder RandomFilename represents the name of the .sys file that is displayed after you perform step 5. For example, for the file name that is specified in the example in step 5, you would type Attrib –s –h gbqxmhia.sys.
  7. Type Ren RandomFilename malware.old, and then press ENTER. This action renames the randomly named file.
  8. Type CD, and then press ENTER. This changes the command line to the %windir%\System32 folder.
  9. Type the following commands one at a time, and then press ENTER after you type each command:
    Ren msupd5.exe msupd5.old
    Ren msupd4.exe msupd4.old
    Ren msupd.exe msupd.old
    Ren reloadmedude.exe reloadmedude.old
    Note If you receive the following error message, you can safely ignore the message, because it indicates that the targeted file does not exist:The system cannot find the file specified.


  10. Type Exit, and then press ENTER.
  11. Restart the computer.
  12. Make sure that your antivirus or anti-spyware software is updated with the latest signatures, and then perform a complete system scan.
Source: Microsoft Support Knowledge Base No. 894278

Not sure how to tackle the last one: SYSTEM_PTE_MISUSE
but I'm quite sure it has something to do with your memory.
 


usasma

Fantastic Member
Microsoft Community Contributor
#13
Thanks GeneralHiningII!

The PTE stuff will be handled (we hope) by the registry edit. Just have to wait for the STOP 0xDA to come by again and the regedit should force the offending driver to be named in the memory dump. If it doesn't (or if it's a Windows driver), then we suspect hardware or Windows issues (hardware is more likely).
 


#14
Hi.....
I did the job with regedit you said about TrackPtes......
Also i run the memtest for 2 pass in 2 hours and 10 minutes and it starting spitting errors(31323 errors).......i had the red stuff in the bottom half of my screen...........
 


#15
i have windows 7.........and tha artciles you said is about windows xp........


to add on to usasma's post.



A few of those dumps point to a problem with your memory. Memory can be found in your Graphics Card, RAM (obviously), CPU and Hard Disk.
Try running
Memtest86+ - Advanced Memory Diagnostic Tool ---- 7 to 8 hours (or overnight)
Free Software - GIMPS ---- up to 3 hours (or until error shows)
HD Tune website ---- run for 2 to 3 days
or use usasma's hardware diagnostics here: Hardware Diagnostics

Another way to test your RAM (RAM only):
Remove all RAM sticks (except one) (be sure to turn the computer power off before doing this) and restart your computer. If it boots, that means the current RAM stick is working ok.
Repeat with all the other RAM sticks until you find one faulty.

You can also do the above process with memtest to do a more thorough check.

PAGE_FAULT_IN_NONPAGED_AREA:
Use this link: A description of the Safe Mode Boot options in Windows XP and boot into the Last known Good Configuration. (If you can't access the link:

Source: Microsoft Support Knowledge Base Entry No. 315222

You can also try this link: The computer may automatically restart, or you may receive a "serious error" message or a Stop error message in Windows Server 2003, in Windows XP, or in Windows 2000 to solve the problem. If that link doesn't work:

Source: Microsoft Support Knowledge Base No. 894278

Not sure how to tackle the last one: SYSTEM_PTE_MISUSE
but I'm quite sure it has something to do with your memory.
 


usasma

Fantastic Member
Microsoft Community Contributor
#16
Don't worry about the XP vs Vista/Win7 stuff right now.
The first priority is to fix the problem with your RAM
If it's not fixed, there's no sense in fixing the other issues.

Start out by following from STEP 6a at this link: Memory Diagnostics
 


#17
the way to enter Safe Mode is the same in Windows 7.
 


#18
hi
method 1 of your post say to rename the malicious drivers.....
But i cant locate them in the root you said ''%windir%\system32\drivers'' and i find them here ''\WINDOWS\system32 ''
i dont know exactly but i think the malicious drivers for my computer are these
TVALZ Filter Driver
Toshiba Universal Camera Filter driver/Pangu Effect driver
Toshiba tos_sps64
LPC Lower Filter Driver
....






the way to enter Safe Mode is the same in Windows 7.
 


GeneralHiningII

Honorable Member
#19
%windir% is just the directory for your Windows Folders, so C:\Windows\System32 is the correct one.

If you're unable to use method 1, try method 2.
 


#20
Hi......i completed the step 6a without any errors and with 3 passes...............
in the meantime i had another blue screen......so what to do with regedit and trackptes in order to find the malicious driver?
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top