Solved Help analyze BSOD memory dump log

February 17, 2015 at 13:20:44
Specs: Windows 7
I found the dump, how do I read or use it to find the problem? I have been getting this blue screen error about once a week.


#1
February 17, 2015 at 15:30:20
Copy & Paste the dump (.dmp ) file onto your desktop & then upload it using ZippyShare. No account needed. Post the link please.
I will then analyze the results & post them in my reply.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
Minidump file is located in C:\Windows\Minidump


#2
February 17, 2015 at 15:32:12
Also, can you send me these logs please.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#3
February 19, 2015 at 15:55:05
OK, I get to the ZippyShare and my dump size is MEMORY - Copy.DMP (1.1 GB). Too large? I did run Farbar and this is the link: http://www54.zippyshare.com/v/vKZsg...



#4
February 19, 2015 at 16:01:53
"dump size is MEMORY - Copy.DMP (1.1 GB) ?"
Yep, way too big, send the one from here.
Minidump file is located in C:\Windows\Minidump

Waiting on the second log > Addition.txt



#5
February 19, 2015 at 19:36:47


#6
February 19, 2015 at 19:51:22
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8800f4d0dfb, The address that the exception occurred at
Arg3: fffff88005676228, Exception Record Address
Arg4: fffff88005675a80, Context Record Address

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
atikmdag+c4dfb
fffff880`0f4d0dfb 488b83a8060000 mov rax,qword ptr [rbx+6A8h]

EXCEPTION_RECORD: fffff88005676228 -- (.exr 0xfffff88005676228)
ExceptionAddress: fffff8800f4d0dfb (atikmdag+0x00000000000c4dfb)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000000000006a8
Attempt to read from address 00000000000006a8

CONTEXT: fffff88005675a80 -- (.cxr 0xfffff88005675a80)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000040000 rdi=0000000000000002
rip=fffff8800f4d0dfb rsp=fffff88005676460 rbp=fffffa800b4319a0
r8=0000000000000002 r9=000000f415f44000 r10=0000000000000000
r11=fffff88005676690 r12=fffffa800a55e940 r13=fffffa800a7d0640
r14=fffffa800f35d010 r15=fffff8800f40c000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
atikmdag+0xc4dfb:
fffff880`0f4d0dfb 488b83a8060000 mov rax,qword ptr [rbx+6A8h] ds:002b:00000000`000006a8=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 00000000000006a8

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032cc100
GetUlongFromAddress: unable to read from fffff800032cc1c0
00000000000006a8 Nonpaged pool

FOLLOWUP_IP:
atikmdag+c4dfb
fffff880`0f4d0dfb 488b83a8060000 mov rax,qword ptr [rbx+6A8h]

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff8800f4d0dfb

STACK_TEXT:
fffff880`05676460 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0f35d010 : atikmdag+0xc4dfb


SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: atikmdag+c4dfb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: atikmdag

IMAGE_NAME: atikmdag.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 52ff3aef

STACK_COMMAND: .cxr 0xfffff88005675a80 ; kb

FAILURE_BUCKET_ID: X64_0x7E_atikmdag+c4dfb

BUCKET_ID: X64_0x7E_atikmdag+c4dfb

Followup: MachineOwner
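
The analysis in post #6 can be read off mechanically: which image faulted, its link date, and whether the access violation is a read through a NULL pointer. This is an added example, not part of the thread; the function `triage` and its field names are hypothetical, and `SAMPLE` holds lines copied from the post.

```python
import re
from datetime import datetime, timezone

# Lines copied from the !analyze -v output in post #6 (trimmed, values unchanged).
SAMPLE = """\
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
Arg1: ffffffffc0000005, The exception code that was not handled
fffff880`0f4d0dfb 488b83a8060000 mov rax,qword ptr [rbx+6A8h]
Attempt to read from address 00000000000006a8
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
IMAGE_NAME: atikmdag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 52ff3aef
"""

def _hex(s):
    return int(s.replace("`", ""), 16)  # WinDbg splits 64-bit values with a backtick

def triage(text):
    """Summarise !analyze -v text: what faulted, where, and if it is a NULL dereference."""
    def grab(pattern):
        m = re.search(pattern, text, re.M | re.I)
        return m.group(1) if m else None

    r = {
        "bugcheck": grab(r"^(\w+) \([0-9a-f]+\)\s*$"),
        "image": grab(r"^IMAGE_NAME:\s*(\S+)"),
        "access": grab(r"Attempt to (read from|write to) address"),
    }
    # Arg1 is the NTSTATUS sign-extended to 64 bits; keep the low 32 bits.
    arg1 = grab(r"^Arg1:\s*([0-9a-f`]+)")
    r["ntstatus"] = _hex(arg1) & 0xFFFFFFFF if arg1 else None
    addr = grab(r"Attempt to \w+ \w+ address ([0-9a-f`]+)")
    r["address"] = _hex(addr) if addr else None
    # The image link timestamp is seconds since the Unix epoch, printed in hex.
    stamp = grab(r"^DEBUG_FLR_IMAGE_TIMESTAMP:\s*([0-9a-f]+)")
    r["link_date"] = (datetime.fromtimestamp(_hex(stamp), timezone.utc)
                      .date().isoformat() if stamp else None)
    # Memory operand of the faulting instruction, e.g. [rbx+6A8h].
    op = re.search(r"\[(\w+)\+([0-9a-f]+)h\]", text, re.I)
    r["null_deref"] = False
    if op and r["address"] is not None:
        base = grab(rf"\b{op.group(1)}=([0-9a-f`]+)")
        r["base_reg"], r["offset"] = op.group(1).lower(), _hex(op.group(2))
        # Base register is zero and the faulting address equals the displacement:
        # the driver read a field at that offset through a NULL pointer.
        r["null_deref"] = (base is not None and _hex(base) == 0
                           and r["address"] == r["offset"])
    return r
```
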



#7
February 19, 2015 at 19:53:29
Bug Check 0x1000007E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
https://msdn.microsoft.com/en-us/li...


#8
February 19, 2015 at 20:05:27
Here are the first 2 steps, there will be more steps needed after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#9
February 20, 2015 at 05:02:07
http://www58.zippyshare.com/v/UfJG6... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Roger on Thu 02/19/2015 at 23:59:04.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Roger\AppData\Roaming\mozilla\firefox\profiles\giekf8b3.default-1410642575928\minidumps [7 files]


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/20/2015 at 0:01:25.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10
February 20, 2015 at 05:09:57
Thanks, here is the plan, get rid of all the nasties & then see if you still have issues, we might get lucky.

Step 3: Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
Idle-#-Crawler (HKLM-x32\...\Idle-#-Crawler) (Version: 87.0.0.434 - Internet Resources Analyzing Foundation) <==== ATTENTION
Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
Task: {1BCA3618-3FCF-4207-BB5E-1FA908FB89A6} - System32\Tasks\Idle-#-Crawler Runner => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
Task: {F7566C9B-9CE8-4BD2-86F9-5B740109CAB2} - System32\Tasks\Microsoft\Windows\Maintenance\Idle-#-Crawler Update => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_103] => [X]
HKU\S-1-5-21-2785739107-2070479792-1272048292-1001\...\MountPoints2: {1e0e0646-2aaa-11e4-850f-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-2785739107-2070479792-1272048292-1001\...\MountPoints2: {dfeeb066-3228-11e4-9e0c-806e6f6e6963} - D:\EasySuite.exe
HKU\S-1-5-21-2785739107-2070479792-1272048292-1001\...\MountPoints2: {fcc5bd77-3205-11e4-b31d-0023246ec914} - D:\EasySuite.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2785739107-2070479792-1272048292-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2785739107-2070479792-1272048292-1001 -> {A78DFB64-CB7F-430C-A4D8-EA14860E91BA} URL = https://search.yahoo.com/search?fr=...
SearchScopes: HKU\S-1-5-21-2785739107-2070479792-1272048292-1001 -> {CC290BEE-3176-41F2-8BD6-9A5305AB0FBB} URL =
SearchScopes: HKU\S-1-5-21-2785739107-2070479792-1272048292-1001 -> {F040DFFC-4055-471E-BF7D-3C51A125D7AC} URL = https://search.yahoo.com/search?p={...
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL No File
BHO-x32: Search Toolbar -> {9D425283-D487-4337-BAB6-AB8354A81457} -> C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
Toolbar: HKU\S-1-5-21-2785739107-2070479792-1272048292-1001 -> No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 LeCrud64; \??\C:\PROGRA~3\Lenovo\SYSTEM~1\session\REPOSI~1\FBJYA5~1\LeCrud64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
C:\Users\Roger\AppData\Local\Temp\converter.exe
C:\Users\Roger\AppData\Local\Temp\ochelper.exe
C:\Users\Roger\AppData\Local\Temp\ose00000.exe

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

message edited by Johnw



#11
February 20, 2015 at 06:04:21
Step 4: Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#12
February 20, 2015 at 09:03:35
FRST http://www33.zippyshare.com/v/OJeEl...

Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Internet Security 2014
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


#13
February 20, 2015 at 14:00:01
"FRST http://www33.zippyshare.com/v/OJeEl..."
Wrong.

Reread my post #10

message edited by Johnw



#14
February 20, 2015 at 14:08:42
✔ Best Answer
Extract from the screen317's Security Check log.
"AVG Internet Security 2014
Norton Internet Security"

You can only have one AV, they are fighting each other.
I would keep AVG.

How can I fully remove Norton Antivirus from my system?
https://support.norton.com/sp/en/us...
http://www.askdavetaylor.com/how_to...
http://www.askdavetaylor.com/how_ca...
http://www.pchell.com/virus/uninsta...
http://www.softpedia.com/get/Tweak/...

AVG Download Center
http://www.avg.com/au-en/utilities
AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc. AVG Remover is the last option to be used in case the AVG uninstall / repair installation process has failed repeatedly.



#15
February 25, 2015 at 06:09:13
All of the steps were followed. Will wait and see if it happens again. Thanks.
