Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

BSOD 0x0000007a and 0x000000f4 (new)

Started by narong , May 18 2010 04:23 PM

  • This topic is locked This topic is locked

#1
narong
Posted 18 May 2010 - 04:23 PM

narong

    Member

  • Member
  • PipPip
  • 12 posts
hello all. i`m narong from malaysi.
i'm trying to troubleshoot my BSOD (Blue Screen Of Death ) Problem.
and technical staff from windows vista and 7 (BRONI) ask me to post this problem at here .
here the current topic kernel data in page error

ok here is the log for :

1: MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4113

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/19/2010 5:30:29 AM
mbam-log-2010-05-19 (05-30-29).txt

Scan type: Quick scan
Objects scanned: 126989
Time elapsed: 11 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{d18bbd1f-82bb-4385-bed3-e9d31a3e361e} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9dc243a5-ee33-4674-8563-89b48e779eb1} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3d14cb9-183b-4bc8-8ce4-cba37a6fe8c6} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d4bbe4c0-bd72-4a33-817c-2e7e16de20bc} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\FUSIONButtons.ocx (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
C:\Windows\System32\KewlButtonz.ocx (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
C:\Windows\System32\YMSG13.dll (Trojan.Pakes) -> Quarantined and deleted successfully.
C:\Windows\System32\Core.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

2) gmer log ( ok for ur all information , i'm just trouble shoot for BSOD 0x0000007a , but when i run Gmer i got another BSOD code 0x000000f4 . two times i try to run the gmer i get the BSOD , then i make decision to run in safe mode and this is the LOG :

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-19 05:54:19
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\awryqpog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82447AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82447104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824473F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824302D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8242F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824471DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82447958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824476F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82447F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824481A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82060599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82084F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269d2aae7
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269d2aae7@0012eed565da 0x96 0x1D 0xF8 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269d2aae7@002298a821de 0x0B 0x42 0x01 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x34 0x43 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0x4B 0x81 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD6 0x52 0x22 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0x49 0xB8 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269d2aae7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269d2aae7@0012eed565da 0x96 0x1D 0xF8 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269d2aae7@002298a821de 0x0B 0x42 0x01 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x34 0x43 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0x4B 0x81 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD6 0x52 0x22 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0x49 0xB8 0x35 ...

---- EOF - GMER 1.0.15 ----

3 ) OTL (since the log is big... i decide to upload it :) see at attachement for Otl and Extras.

4) and here IS my BSOD log ( optional )

==================================================
Dump File : 051910-19858-01.dmp
Crash Time : 5/19/2010 5:46:52 AM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x868bb348
Parameter 3 : 0x868bb4b4
Parameter 4 : 0x82e70d90
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dcd10
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16539 (win7_gdr.100226-1909)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051910-19858-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 051910-22635-01.dmp
Crash Time : 5/19/2010 5:43:20 AM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x86ba5030
Parameter 3 : 0x86ba519c
Parameter 4 : 0x82e3fd90
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dcd10
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16539 (win7_gdr.100226-1909)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051910-22635-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 051910-26988-01.dmp
Crash Time : 5/19/2010 4:47:36 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0604000
Parameter 2 : 0xc000000e
Parameter 3 : 0x2ec30880
Parameter 4 : 0xc0800000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dcd10
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16539 (win7_gdr.100226-1909)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051910-26988-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 051410-21496-01.dmp
Crash Time : 5/14/2010 3:24:46 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0604000
Parameter 2 : 0xc000000e
Parameter 3 : 0x4afcf880
Parameter 4 : 0xc0800000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dcd10
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16539 (win7_gdr.100226-1909)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051410-21496-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 051310-26769-01.dmp
Crash Time : 5/13/2010 5:16:05 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0604000
Parameter 2 : 0xc000000e
Parameter 3 : 0x0dd3a880
Parameter 4 : 0xc0800000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dcd10
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16539 (win7_gdr.100226-1909)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051310-26769-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 051110-22854-01.dmp
Crash Time : 5/11/2010 11:18:19 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0604000
Parameter 2 : 0xc000000e
Parameter 3 : 0x42584880
Parameter 4 : 0xc0800000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dcd10
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16539 (win7_gdr.100226-1909)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051110-22854-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 051010-20966-01.dmp
Crash Time : 5/10/2010 12:15:50 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc044a8e8
Parameter 2 : 0xc00000c0
Parameter 3 : 0x3a50b8c0
Parameter 4 : 0x8951de34
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dcd10
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16539 (win7_gdr.100226-1909)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051010-20966-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 050510-20514-01.dmp
Crash Time : 5/5/2010 1:16:14 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0604000
Parameter 2 : 0xc000000e
Parameter 3 : 0x410bd880
Parameter 4 : 0xc0800000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dcd10
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16539 (win7_gdr.100226-1909)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\050510-20514-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================

i hope somebody can help me... i need a help :)

regards
narong

Attached Files

  • Attached File  OTL.Txt   153.57KB   193 downloads
  • Attached File  Extras.Txt   40.58KB   250 downloads

Edited by narong, 18 May 2010 - 04:28 PM.

  • 0

Advertisements

#2
narong
Posted 19 May 2010 - 07:34 PM

narong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
someone, please help.
i will pray for the helper for 1 days :)) hahhaa
  • 0

#3
Rorschach112
Posted 21 May 2010 - 08:44 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You are already being helped at another forum, TSF

Please don't waste our time by posting at multiple forums.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP