
Hi, I'm getting BSODs extremely frequently over the last 24 hours. The blue screen says:

Kernel Data Inpage Error,
and
0x0000007a.

but goes by too fast for me to copy down any other code.

It also recommended stopping "Cache Shadowing" in the BIOS, but I could not find this option in the BIOS.

I've tried rebooting in safe mode after a couple of these BSODs and Windows stopped loading at the following line both times:
Windows\system32\drivers\bftpdskc64.sys

I'm not sure if this is a virus or a Windows problem, so I'm posting in Windows, but with the requisite preliminary research recommended in the virus threads. I have done all the "read before you post" virus scans, but am having trouble completing the MBAM scan, as it BSODs before the scan can complete.

Microsoft Malicious Software Removal Tool detected nothing.
ATF Cleaner: Cleaned
GMER did a preliminary scan on opening, but no results were posted. Most of the checkboxes, including the ones mentioned, were greyed out and did not allow checking.
I can't upload the GMER one.log, but have uploaded the GMER two.log.

I did a quick MBAM scan, which is posted as QuickMBAM.txt. I will try to do a full scan. I've found that the MBAM log folder has been deleted, and any logs are being prevented from saving there. I save them under other names and locations as soon as they pop up, and can thus post them.

The long MBAM has been interrupted by BSODs, and attempting a HijackThis caused a total power out.

HijackThis finally scanned.

Edited by Michael_SB

Attachments
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 29/07/2010 04:39:22
System Uptime: 30/04/2012 01:22:38 (0 hours ago)

Motherboard: Dell Inc. |  | 0Y525R
Processor: Intel(R) Core(TM)2 Duo CPU     P8700  @ 2.53GHz | Socket 479 | 2534/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 247 GiB total, 56.721 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 204 GiB total, 75.107 GiB free.
F: is CDROM (CDFS)
G: is CDROM (CDFS)
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: 
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001204-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&169659AB&0&0023D4A9E78F_C00000003
Manufacturer: 
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001204-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&169659AB&0&0023D4A9E78F_C00000003
Service: 

Class GUID: 
Description: Officejet 4500 G510g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: 
Name: Officejet 4500 G510g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 

Class GUID: 
Description: Officejet 4500 G510g-m
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: 
Name: Officejet 4500 G510g-m
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service: 

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510g-m
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet 4500 G510g-m
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service: 

==== System Restore Points ===================

RP418: 29/04/2012 11:58:18 - Windows Backup
RP419: 29/04/2012 19:05:04 - Windows Backup

==== Installed Programs ======================


"Nero SoundTrax Help
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
AC2 server emulator 0.44 by Dormine
Ad-Aware
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Media Player
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Advertising Center
AnyDVD
Apple Application Support
Apple Software Update
Assassin's Creed Brotherhood
Assassin's Creed II
Assassin's Creed Revelations
Bayden ProxyPick (remove only)
Blu-ray Disc Authoring Plug-in
BUFFALO eco Manager for HD
BUFFALO TurboCopy
BUFFALO TurboPC for FLASH/HDD
BufferChm
calibre
Chinese Simplified Fonts Support For Adobe Reader 9
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cobian Backup 10
ConvertHelper 2.2
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Communications (Support Software)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Driver Download Manager
Dell Getting Started Guide
Dell Webcam Central
Destinations
DeviceDiscovery
DivXLand Media Subtitler
DjVuLibre+DjView
DocMgr
DocProc
DolbyFiles
Dr.eye 8.0 Professional for Multi-users
Dr.eye 8.0 Professional for Multi-users Dict
Dragon Age: Origins
Dropbox
EndNote X4
Eusing Free Registry Cleaner
Fax
FileZilla Client 3.3.5.1
France2Go for Smartphone
Google Chrome
Google Desktop
Google Talk Plugin
GoToAssist 8.0.0.514
GPBaseService2
Gracenote Plug-in
GTK+ Runtime 2.14.7 rev a (remove only)
Halftone Search
Hama Black Force Pad
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
HP Update
HPDiagnosticAlert
HPProductAssistant
IBM ViaVoice TTS Runtime v6.701 -  US English
ImagXpress
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Full)
LingvoSoft Talking Dictionary 2007 English<->German for Windows
Live! Cam Avatar Creator
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.61.0.1400
ManyCam 2.6.1 (remove only)
Menu Templates - Starter Kit
Microsoft AppLocale
Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office IME (Chinese (Simplified)) 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office IME (Japanese) 2010
Microsoft Office IME (Korean) 2010
Microsoft Office IME 2010
Microsoft Office IME 2010 (Traditional Chinese)
Microsoft Office IMESS (Chinese (Traditional)) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Basque) 2010
Microsoft Office Proof (Bulgarian) 2010
Microsoft Office Proof (Catalan) 2010
Microsoft Office Proof (Chinese (Simplified)) 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (Croatian) 2010
Microsoft Office Proof (Czech) 2010
Microsoft Office Proof (Danish) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Estonian) 2010
Microsoft Office Proof (Finnish) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Galician) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Greek) 2010
Microsoft Office Proof (Gujarati) 2010
Microsoft Office Proof (Hebrew) 2010
Microsoft Office Proof (Hindi) 2010
Microsoft Office Proof (Hungarian) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Japanese) 2010
Microsoft Office Proof (Kannada) 2010
Microsoft Office Proof (Kazakh) 2010
Microsoft Office Proof (Korean) 2010
Microsoft Office Proof (Latvian) 2010
Microsoft Office Proof (Lithuanian) 2010
Microsoft Office Proof (Marathi) 2010
Microsoft Office Proof (Norwegian (Bokmal)) 2010
Microsoft Office Proof (Norwegian (Nynorsk)) 2010
Microsoft Office Proof (Polish) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Portuguese (Portugal)) 2010
Microsoft Office Proof (Punjabi) 2010
Microsoft Office Proof (Romanian) 2010
Microsoft Office Proof (Russian) 2010
Microsoft Office Proof (Serbian (Latin)) 2010
Microsoft Office Proof (Slovak) 2010
Microsoft Office Proof (Slovenian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proof (Tamil) 2010
Microsoft Office Proof (Telugu) 2010
Microsoft Office Proof (Thai) 2010
Microsoft Office Proof (Turkish) 2010
Microsoft Office Proof (Ukrainian) 2010
Microsoft Office Proof (Urdu) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Kit 2010
Microsoft Office Proofing Tools Kit Compilation 2010
Microsoft Office ProofMUI (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mobipocket Creator 4.2
Morgan M-JPEG codec V3
Movie Templates - Starter Kit
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NTFS Undelete 3.0.2.210
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OJOsoft Total Video Converter
PunkBuster Services
QuickTime
Registry Mechanic 10.0
ResearchSoft Direct Export Helper
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2596511) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Sophos Anti-Rootkit 1.5.4
SoundTrax
Spybot - Search & Destroy
Star Wars Battlefront II
Star Wars: The Force Unleashed
Status
System Requirements Lab
System Requirements Lab for Intel
TeamViewer 5
Toolbox
TrayApp
Ubisoft Game Launcher
Ultralingua 6.1
Update for Microsoft .NET Framework
DDS (Ver_10-12-12.02) - NTFS_AMD64  
Run by Xuyuan at  1:45:47.97 on 30/04/2012
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Microsoft Windows 7 Ultimate   6.1.7601.1.950.886.1033.18.3838.1576 [GMT 2:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Xuyuan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Users\Xuyuan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
C:\Users\Xuyuan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
E:\My Documents\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
uDefault_Page_URL = hxxp://www.bing.com
uInternet Settings,ProxyOverride = localhost, 127.0.0.1, hxxp://gaeapanda.dyndns.org:8888/cgi-bin/html/login.html
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSO Helper Object: {a2f122da-055f-4df7-8f24-7354dbdba85b} - FAIESSOHelper Class
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Dr.eye WebPage Translation: {92b255fe-94e2-4bca-958d-3926ce38913f} - C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
uRun: [ISUSPM Startup] C:\PROGRA~2\COMM
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-29 23:57:39
Windows 6.1.7601 Service Pack 1 
Running: 5n4whji7.exe


---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a049c7429                                                                                                                                                                                                    
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a049c7437                                                                                                                                                                                                    
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a101fac3                                                                                                                                                                                                    
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a101fac3@58170ce50349                                                                                                                                                                                       0x60 0x25 0xF5 0xB7 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a101fac3@0023d4a9e78f                                                                                                                                                                                       0x5F 0x25 0x35 0x2B ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5fa4793                                                                                                                                                                                                    
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                                                                                                                                                             771343423
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                                                                                                                                                             285507792
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                                                                                                                                                             1
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                                                                               
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                                            C:\Program Files (x86)\DAEMON Tools Lite\
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                                            0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                                            0
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                                         0x86 0xAE 0xE6 0x61 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                                                                                                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                                                   0x20 0x01 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                                                0xE0 0x1E 0x14 0xAA ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                                                                                                 
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                                           0x68 0x84 0x82 0x99 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                                                                                                                                                                 
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                                                                                                                           0xAA 0x4D 0xB6 0xD5 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                                                                                                                                                                                 
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                                                                                                                                                           0xFD 0x41 0x31 0x7D ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3                                                                                                                                                                                 
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                                                                                                                                                                           0x5E 0xAD 0xDA 0x6A ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a049c7429 (not active ControlSet)                                                                                                                                                                                
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a049c7437 (not active ControlSet)                                                                                                                                                                                
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a101fac3 (not active ControlSet)                                                                                                                                                                                
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a101fac3@58170ce50349                                                                                                                                                                                           0x60 0x25 0xF5 0xB7 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a101fac3@0023d4a9e78f                                                                                                                                                                                           0x5F 0x25 0x35 0x2B ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5fa4793 (not active ControlSet)                                                                                                                                                                                
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                                                                           
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                                                0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Xuyuan :: LAPPIE [administrator]

30/04/2012 00:02:17
mbam-log-2012-04-30 (00-10-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232526
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
E:\My Documents\Downloads\SoftonicDownloader_for_lyrics-plugin-for-windows-media-player.exe (PUP.BundleOffer.Downloader.S) -> No action taken.

(end)
0

Hi, thanks for that. I installed WinDbg so I could open the memory dump, and see that Bugcheck 7A means probably some kind of hardware or driver error, but I am stymied as to figuring out what it is. I've attached a .txt file of the memory dump.

Attachments
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17790.amd64fre.win7sp1_gdr.120305-1505
Machine Name:
Kernel base = 0xfffff800`0341f000 PsLoadedModuleList = 0xfffff800`03663650
Debug session time: Sun Apr 29 23:08:16.269 2012 (UTC + 2:00)
System Uptime: 0 days 0:46:39.070
Loading Kernel Symbols
...............................................................
................................................................
................................Page 66d4c not present in the dump file. Type ".hh dbgerr004" for details
...Page 62d7d not present in the dump file. Type ".hh dbgerr004" for details
.............................
........
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffdf018).  Type ".hh dbgerr001" for details
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7A, {fffff6fc5008ddd8, ffffffffc000009c, ba77880, fffff8a011bbb0d0}

Page 66d4c not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+3716a )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in.  Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: fffff6fc5008ddd8, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc000009c, error status (normally i/o status code)
Arg3: 000000000ba77880, current process (virtual address for lock type 3, or PTE)
Arg4: fffff8a011bbb0d0, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)

Debugging Details:
------------------

Page 66d4c not present in the dump file. Type ".hh dbgerr004" for details

ERROR_CODE: (NTSTATUS) 0xc000009c - STATUS_DEVICE_DATA_ERROR

DISK_HARDWARE_ERROR: There was error with disk hardware

BUGCHECK_STR:  0x7a_c000009c

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff8800e4776e0 -- (.trap 0xfffff8800e4776e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80087e40a0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800037728d9 rsp=fffff8800e477870 rbp=0000000000000812
 r8=0000000000000812  r9=fffff8a011bb7040 r10=fffff8a011bbb0d0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!MiRelocateImagePfn+0x29:
fffff800`037728d9 493902          cmp     qword ptr [r10],rax ds:2220:b0d0=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000350bf12 to fffff8000349bc80

STACK_TEXT:  
fffff880`0e4773c8 fffff800`0350bf12 : 00000000`0000007a fffff6fc`5008ddd8 ffffffff`c000009c 00000000`0ba77880 : nt!KeBugCheckEx
fffff880`0e4773d0 fffff800`034c2b0f : fffffa80`088e40a0 fffff880`0e477540 fffff800`036d0600 fffffa80`088e40a0 : nt! ?? ::FNODOBFM::`string'+0x3716a
fffff880`0e4774b0 fffff800`034a92a9 : 00000000`00000000 00000000`00000000 ffffffff`ffffffff fffff880`0e4777c8 : nt!MiIssueHardFault+0x28b
fffff880`0e477580 fffff800`03499dae : 00000000`00000000 fffff8a0`11bbb0d0 00000000`00000000 00000000`0010f82f : nt!MmAccessFault+0x1399
fffff880`0e4776e0 fffff800`037728d9 : fffffa80`0939fa50 fffffa80`0939fa00 fffffa80`05700000 fffffa80`0849e951 : nt!KiPageFault+0x16e
fffff880`0e477870 fffff800`034cab4b : fffffa80`05702200 fffffa80`00000009 fffffa80`056b8000 fffffa80`0996fc00 : nt!MiRelocateImagePfn+0x29
fffff880`0e4778d0 fffff800`034c2b0f : fffffa80`0939fa50 fffff880`0e477a40 fffffa80`08873ec8 fffffa80`0939fa50 : nt!MiWaitForInPageComplete+0x7ef
fffff880`0e4779b0 fffff800`034a937a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x28b
fffff880`0e477a80 fffff800`03499dae : 00000000`00000000 000007fe`f35927c0 00000000`00000001 00000000`0010530f : nt!MmAccessFault+0x146a
fffff880`0e477be0 00000000`77b09c12 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0153be60 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b09c12


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+3716a
fffff800`0350bf12 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+3716a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4f558b55

FAILURE_BUCKET_ID:  X64_0x7a_c000009c_nt!_??_::FNODOBFM::_string_+3716a

BUCKET_ID:  X64_0x7a_c000009c_nt!_??_::FNODOBFM::_string_+3716a

Followup: MachineOwner
---------
0

Thank you. I installed WinDbg, and managed to read the dump file, which is posted here. It says on the Windows website that "A hardware device, its driver, or related software might have caused this error." But I can't tell which one....

Attachments
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:53:54, on 30/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Xuyuan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Users\Xuyuan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [IME14 JPN Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
O4 - HKLM\..\Run: [IME14 KOR Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log
O4 - HKLM\..\Run: [IME14 CHS Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMDreyePlugin] "C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe" /h
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Xuyuan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON SX125 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE /FU "C:\Windows\TEMP\E_SEBA7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Xuyuan\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Jacquie Lawson Advent Calendar.lnk = C:\Program Files (x86)\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe
O4 - Startup: Jacquie Lawson London Advent Calendar.lnk = C:\Program Files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: English<->German - C:\Program Files (x86)\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-German) for Windows\Plugins\IE.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowser
0

What are your hard drive specs and how long have you been using it? How about your RAM modules?

Edited by scudzilla

0

Such specs as I could find from System Information are below. I've been using this since June 2010 - not 2 years.
The HDD does keep going through Chkdsk and fixing stuff when I recover boot.
Does the code give any helpful info about the source of the problem?

Windows 7 Ultimate Service Pack 1
Dell Studio XPS 1340
Processor Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz 2.53 GHz
Installed memory (RAM): 4.00 GB (3.75 GB usable)
System type: 64-bit Operating System
Pen and Touch: No Pen or Touch Input is available for this Display

The E and C drive are on the same HDD.

Drive C:
Description Local Fixed Disk
Compressed No
File System NTFS
Size 246,79 GB (264,989,626,368 bytes)
Free Space 58.71 GB (63,036,121,088 bytes)
Volume Name Windows
Volume Serial Number 304637BC
Drive D:
Description CD-ROM Disc
Drive E:
Description Local Fixed Disk
Compressed No
File System NTFS
Size 204.28 GB (219,345,317,888 bytes)
Free Space 75.12 GB (80,657,899,520 bytes)
Volume Name Data
Volume Serial Number 247664B0

0

The minidump says Status Device Data Error, which according to multiple sources (including the Microsoft MSDN), indicates bad sectors on the hard drive. But it is also possible that the page of kernel data can be read from the hard drive, but cannot be stored in faulty RAM (DRAM, cache or even VRAM). Another possible cause is faulty drivers for the storage controller.

You could run a memtest to see if your RAM is faulty. You could try to update drivers for your SATA (or IDE) controllers. If you still get the error, back up any important files on your hard drive, then use chkdsk /r, or download HDD Regenerator, burn it to a disc and boot that.
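The status-code rule printed in the `!analyze -v` output posted earlier in the thread can be applied mechanically to a saved WinDbg log. The following is an added example, not part of the original thread: the function names are assumptions for illustration, and the second sample is constructed.

```python
import re

# Status values that the "!analyze -v" text quoted in this thread ties to a cause.
DISK_SUBSYSTEM_STATUSES = {0xC000000E, 0xC000009C, 0xC000009D, 0xC0000185}
FILESYSTEM_STALL_STATUS = 0xC000009A

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
ERROR_CODE_RE = re.compile(r"ERROR_CODE:\s*\(NTSTATUS\)\s*0x([0-9A-Fa-f]+)\s*-\s*(\S+)")
PROCESS_RE = re.compile(r"PROCESS_NAME:\s*(\S+)")

# Lines copied from the WinDbg output posted in the thread.
THREAD_DUMP = """\
BugCheck 7A, {fffff6fc5008ddd8, ffffffffc000009c, ba77880, fffff8a011bbb0d0}
ERROR_CODE: (NTSTATUS) 0xc000009c - STATUS_DEVICE_DATA_ERROR
PROCESS_NAME:  svchost.exe
"""

# Constructed sample (not from the thread) exercising the 0xC000009A branch.
CONSTRUCTED_DUMP = "BugCheck 7A, {1, ffffffffc000009a, 0, fffff8a000001000}\n"


def parse_bugcheck(text):
    """Return (code, [arg1, arg2, arg3, arg4]) from a 'BugCheck' line, or None."""
    m = BUGCHECK_RE.search(text)
    if m is None:
        return None
    try:
        args = [int(a.strip().replace("`", ""), 16) for a in m.group(2).split(",")]
    except ValueError:
        return None
    if len(args) != 4:
        return None
    return int(m.group(1), 16), args


def triage_inpage_error(text):
    """Classify a bugcheck 0x7A log by its Arg2 status, per the !analyze text."""
    parsed = parse_bugcheck(text)
    if parsed is None:
        raise ValueError("no 'BugCheck XX, {a, b, c, d}' line found")
    code, args = parsed
    if code != 0x7A:
        raise ValueError("bugcheck 0x%X is not KERNEL_DATA_INPAGE_ERROR" % code)

    # Arg2 is a 32-bit NTSTATUS that WinDbg prints sign-extended to 64 bits.
    status = args[1] & 0xFFFFFFFF
    if status in DISK_SUBSYSTEM_STATUSES:
        cause = "disk subsystem failure"
    elif status == FILESYSTEM_STALL_STATUS:
        cause = "filesystem failed to make forward progress"
    else:
        cause = "unclassified"

    result = {
        "status": status,
        "cause": cause,
        # Arg1 is a lock type (1, 2 or 3) or else a PTE address.
        "arg1_kind": "lock type" if args[0] in (1, 2, 3) else "PTE address",
        "status_name": None,
        "process": None,
        "consistent": None,
    }
    # Cross-check Arg2 against the ERROR_CODE line when the log includes one.
    m = ERROR_CODE_RE.search(text)
    if m:
        result["status_name"] = m.group(2)
        result["consistent"] = int(m.group(1), 16) == status
    m = PROCESS_RE.search(text)
    if m:
        result["process"] = m.group(1)
    return result


if __name__ == "__main__":
    for label, dump in (("thread", THREAD_DUMP), ("constructed", CONSTRUCTED_DUMP)):
        r = triage_inpage_error(dump)
        print("%s: 0x%08X %s -> %s" % (label, r["status"], r["status_name"], r["cause"]))
```

An "unclassified" result only means the status is not one of the five values the debugger text names.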

0

OK. The delay was because a local tech scanned my HD and found 50+ viruses, and wanted me to see if that solved the problem. It didn't - I got a power out tonight, and it's happened multiple times. I've been trying memtest, but the laptop crashes when I'm not even at 5% tested - I wonder if that's a sign that it IS the RAM?

0

It is possible. Have you got multiple RAM modules? If so, you can try them one at a time until you find a faulty one.

0

I do have dual RAM. I tested each individually, and both produced the power out. They were quite hot to the touch (Dell XPS 1340's are known to run pretty hot anyway). I suspect that each one overheated and tripped the power. So I've installed Core Temp and am monitoring the temperature, with a safety option to go to sleep when/if it gets to TjMax. I also bought some air in a can, and have dusted out the fan, chip area and keyboard. So far today, while the computer's stayed cool, no power out.

Your insight about the RAM not processing the kernel was really helpful for looking away from the HDD to the RAM. Thank you!

0

Dusting the insides kept the heat down, which has stopped the blackouts (Black Screens of Death), but it didn't stop the Blue Screens of Death, which kept producing the kernel error. I downloaded HDD Regenerator, and scanned a couple of times, and since then, no BSOD's of any kind. Thanks again!
