BSOD: Due to CNET download of WinRar

jjj2576 · Mar 20, 2014

Hello friends,
This past weekend (Sat: 3/15, I believe-- perhaps Sunday), I was gearing up to wrap-up grading and work for Spring Break. I enjoy taking many breaks when I grade, and was attempting to download a version of WinRar-- unfortunately, the version of WinRar I downloaded was from CNET, which has a Trojan attached to it. Even if it does not-- this was somehow the catalyst for me receiving a Trojan on my laptop along with SpyWare.
I spent most of the day fixing the problem. The trojan was associated with a program called Search Agnet, I think-- I cannot remember right now. I will update details that I remember on this matter. I successfully removed the trojan and the spyware after several hours of stress. But I am unsure if I fixed the problem completely.
-----------------------------
So today as I came in, my laptop showed the BSOD and gave me the Kernel_Data_Inpage_Error message.
It did give me a memory dump file. This happened a second time and gave me another memory dump file. How can I upload the memory dump files to this message-- it won't let me upload them? I have the laptop in Safe Mode and it is functioning correctly. How can I fix this error?
Cheers,
Jesse J. R. Jennings

Brink · Mar 20, 2014

Hello Jesse, and welcome to Eight Forums.

Please read the instructions here: Bl ue Screen of Death (BSOD) Posting Instructions, and post back with the needed information. One of our BSOD experts should be by afterwards to further help.

jjj2576 · Mar 20, 2014

Brink,
I apologize for not following the instructions initially. Here are my Dump files in a zipped folder. Save me Brink! You are my only hope!
Cheers,
Jesse J. R. Jennings

I apologize for not including this earlier. But during one of the errors one of the files came up: WER-91640-0.sysdata.xml

usasma · Mar 20, 2014

Unfortunately, the upload is incomplete. Please rerun the application and let it run for at least 15 minutes (or until the app itself tells you that it's done). Then zip it up and upload it.

Also, as this is a confirmed infection, I'd strongly suggest that you perform additional scans with an independent scanner in order to be sure that you're not still infected. If you don't have it, I'd suggest the free version of MalwareBytes: https://www.malwarebytes.org/free/ There are other free scanners listed here: Free Online AntiMalware Resources

Here's what I got from the 2 memory dumps that made it into the uploaded files.....

It appears that you have AVG and McAfee installed. Please uninstall both, then install a fresh copy of the latest Win8 comapatible version of the one that you choose to use. Only use one antivirus and one firewall at a time - otherwise they will compete with each other and may even allow virus' onto your system.

If all of this doesn't stop the BSOD's, please run Driver Verifier according to these instructions: Driver Verifier Settings

Analysis:
The following is for informational purposes only.

Code:

[font=lucida console]**************************Thu Mar 20 11:57:10.494 2014 (UTC - 4:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\032014-29046-01.dmp]
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Built by: [B]9200[/B].16628.amd64fre.win8_gdr.130531-1504
System Uptime:[B]0 days 0:20:15.209[/B]
Probably caused by :[B]ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+24cc6 )[/B]
BugCheck [B]7A, {4, 0, fffffa8003a8d610, 7521ed74}[/B]
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#Example]KERNEL_DATA_INPAGE_ERROR (7a)[/url]
Arguments: 
Arg1: 0000000000000004, lock type that was held (value 1,2,3, or PTE address)
Arg2: 0000000000000000, error status (normally i/o status code)
Arg3: fffffa8003a8d610, current process (virtual address for lock type 3, or PTE)
Arg4: 000000007521ed74, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
BUGCHECK_STR:  0x7a_0
PROCESS_NAME:  mcagent.exe
FAILURE_BUCKET_ID: [B]0x7a_0_nt!_??_::FNODOBFM::_string_[/B]
CPUID:        "Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz"
MaxSpeed:     2600
CurrentSpeed: [B]2594[/B]
  BIOS Version                  K55A.406
  BIOS Release Date             11/08/2012
  Manufacturer                  ASUSTeK COMPUTER INC.
  Product Name                  K55A
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Mar 20 11:35:00.047 2014 (UTC - 4:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\032014-23421-01.dmp]
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Built by: [B]9200[/B].16628.amd64fre.win8_gdr.130531-1504
System Uptime:[B]0 days 11:28:25.248[/B]
Probably caused by :[B]ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+24cc6 )[/B]
BugCheck [B]7A, {4, 0, fffffa8008c92e80, 31513ac05c}[/B]
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#Example]KERNEL_DATA_INPAGE_ERROR (7a)[/url]
Arguments: 
Arg1: 0000000000000004, lock type that was held (value 1,2,3, or PTE address)
Arg2: 0000000000000000, error status (normally i/o status code)
Arg3: fffffa8008c92e80, current process (virtual address for lock type 3, or PTE)
Arg4: 00000031513ac05c, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
BUGCHECK_STR:  0x7a_0
PROCESS_NAME:  avgcsrva.exe
FAILURE_BUCKET_ID: [B]0x7a_0_nt!_??_::FNODOBFM::_string_[/B]
CPUID:        "Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz"
MaxSpeed:     2600
CurrentSpeed: [B]2594[/B]
  BIOS Version                  K55A.406
  BIOS Release Date             11/08/2012
  Manufacturer                  ASUSTeK COMPUTER INC.
  Product Name                  K55A
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
[/font]

3rd Party Drivers:
The following is for information purposes only.
Any drivers in red should be updated or removed from your system. And should have been discussed in the body of my post.

Code:

[font=lucida console]**************************Thu Mar 20 11:57:10.494 2014 (UTC - 4:00)**************************
ASMMAP64.sys                Thu Jul  2 05:13:26 2009 (4A4C7A36)
atkwmiacpi64.sys            Tue Sep  6 21:44:52 2011 (4E66CC94)
AiCharger.sys               Thu Sep 22 22:04:40 2011 (4E7BE938)
GEARAspiWDM.sys             Thu May  3 15:56:17 2012 (4FA2E2E1)
AsHIDSwitch64.sys           Wed May 30 22:38:32 2012 (4FC6D9A8)
Rt630x64.sys                Tue Jun 12 09:37:53 2012 (4FD74631)
IntcDAud.sys                Tue Jun 19 10:40:51 2012 (4FE08F73)
HECIx64.sys                 Mon Jul  2 18:14:58 2012 (4FF21D62)
RtsBaStor.sys               Tue Jul  3 01:55:21 2012 (4FF28949)
iaStorA.sys                 Mon Jul  9 16:42:33 2012 (4FFB4239)
dump_iaStorA.sys            Mon Jul  9 16:42:33 2012 (4FFB4239)
RTKVHD64.sys                Tue Jul 17 09:11:37 2012 (50056489)
igdkmd64.sys                Tue Jul 31 18:05:35 2012 (501856AF)
kbfiltr.sys                 Wed Aug  1 23:22:22 2012 (5019F26E)
athw8x.sys                  Thu Aug 16 03:01:18 2012 (502C9ABE)
AsusTP.sys                  Mon Oct 29 14:23:54 2012 (508EC9BA)
intelppm.sys                Mon Nov  5 22:55:02 2012 (50988A16)
mfehidk.sys                 Tue Jan 15 13:21:15 2013 (50F59E1B)
mfewfpk.sys                 Tue Jan 15 13:21:30 2013 (50F59E2A)
mfeapfk.sys                 Tue Jan 15 13:21:56 2013 (50F59E44)
mfeavfk.sys                 Tue Jan 15 13:22:16 2013 (50F59E58)
mfefirek.sys                Tue Jan 15 13:24:04 2013 (50F59EC4)
cfwids.sys                  Tue Jan 15 13:24:37 2013 (50F59EE5)
avgrkx64.sys                Mon Sep  9 18:42:59 2013 (522E4EF3)
avgmfx64.sys                Mon Sep 30 18:49:53 2013 (524A0011)
avgwfpa.sys                 Mon Oct 21 16:28:13 2013 (52658E5D)
avgloga.sys                 Thu Oct 31 17:49:41 2013 (5272D075)
avgdiska.sys                Mon Nov 25 15:47:16 2013 (5293B754)
avgidsdrivera.sys           Mon Nov 25 15:47:17 2013 (5293B755)
avgidsha.sys                Mon Nov 25 15:47:18 2013 (5293B756)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Mar 20 11:35:00.047 2014 (UTC - 4:00)**************************
avgldx64.sys                Thu Oct 31 18:00:14 2013 (5272D2EE)
[/font]

lifetec · Mar 20, 2014

Both your dumpfiles are STOP 0x0000007A: KERNEL_DATA_INPAGE_ERROR
Usual causes: Memory, Paging file corruption, File system, Hard drive, Cabling, Virus infection, Improperly seated cards, BIOS, Bad motherboard, Missing Service Pack.

You mentioned you caught a virusinfection are you sure you succesfully removed the virus.
You did not mentioned the steps you did.
Did you run Anti-Malwarbytes, TdssKiller , any other ?

Analyzing the dumpfiles one mentioned avgcsrva.exe ( part of AVG), the other mentioned mcagent.exe (McAfee).
I assume that you first used AVG and now use McAfee.

The driverlist taken from the latest dumpfile shows still many drivers related to AVG.
Please use the AVGRemover from http://www.avg.com/us-en/utilities to completely uninstall all leftovers of AVG.

Please also update these older drivers to windows 8.1 compatibility. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable! :

ASMMAP64 Thu Jul 02 11:13:26 2009 (4a4c7a36) 0000ceab ASMMAP64.sys
Driver Description: LENOVO ATK Hotkey ATK0101 ACPI UTILITY (also found in Asus systems)
Driver Update Site: Lenovo Support - Home (US)

atkwmiacpi64 Wed Sep 07 03:44:52 2011 (4e66cc94) 000056b5 atkwmiacpi64.sys
Driver Description: ATK WMIACPI Utility
Driver Update Site: http://support.asus.com/download/download.aspx

AiCharger Fri Sep 23 04:04:40 2011 (4e7be938) 0000a877 AiCharger.sys
Likely BSOD cause - haven't seen recently (15Jan2013)
Driver Update Site: ASUSTeK Computer Inc. -Support- Drivers and Download P6T

If all of this doesn't stop the BSOD's, please run Driver Verifier according to these instructions: Driver Verifier Settings.

Because also hardware related issues can cause STOP 0x0000007A: KERNEL_DATA_INPAGE_ERROR , you can also run these free hardware diagnostics: Hardware Diagnostics.

BSOD: Due to CNET download of WinRar

jjj2576

New Member

My Computer

System One

Brink

Administrator

My Computer

System One

jjj2576

New Member

My Computer

System One

usasma

Mr. Cranky Pants

My Computer

System One

lifetec

New Member

My Computer

System One