New
#1
BSOD while running full malwarebytes antimalware program
I've had this happen about 3-4 times while running this program. All help will be appreciated Thanks!
I've had this happen about 3-4 times while running this program. All help will be appreciated Thanks!
Well, you have uploaded the SF Diag tool itself, whereas we need the data generated by running it.
Post it following the Blue Screen of Death (BSOD) Posting Instructions.
That's what I get for leaving too many icons on my desktop sorry folks! I hope this is correct.
Scan the system for possible virus infection with the following programs.
Get rid of intel rapid storage. First uninstall it from Control Panel > Programs and Features. Then Uninstall the driver from device manager.
- Right click on "my computer" icon and click "manage" on the context menu.
- It will open the "computer management" window.
- Select "Device Manager" in the left pane, It will list all the existing devices up.
- Expand "IDE ATA/ATAPI controllers" by clicking on the triangle in front of it.
- Select one Intel device item under it, right click, uninstall.
- Continue the process for all Intel items under "IDE ATA/ATAPI controllers"
- Now restart the computer. At restart, windows will auto configure the appropriate native system driver.
Update JMicron Controllers from ftp://driver.jmicron.com.tw/SATA_Controller/Windows/.
Let us know the results.
_______________________________________________________________
Code:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 34, {50853, fffff880074b87e8, fffff880074b8040, fffff80002296e5f} Probably caused by : memory_corruption ( nt!MiCheckControlArea+17f ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* CACHE_MANAGER (34) See the comment for FAT_FILE_SYSTEM (0x23) Arguments: Arg1: 0000000000050853 Arg2: fffff880074b87e8 Arg3: fffff880074b8040 Arg4: fffff80002296e5f Debugging Details: ------------------ EXCEPTION_RECORD: fffff880074b87e8 -- (.exr 0xfffff880074b87e8) ExceptionAddress: fffff80002296e5f (nt!MiCheckControlArea+0x000000000000017f) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff CONTEXT: fffff880074b8040 -- (.cxr 0xfffff880074b8040) rax=fffffa8010678450 rbx=0000000000000000 rcx=0000000000008080 rdx=0000000000000000 rsi=fffffa800d050270 rdi=0000000000000000 rip=fffff80002296e5f rsp=fffff880074b8a20 rbp=fffffa800f9a7500 r8=fffffa800fed8010 r9=fffff880074b88d8 r10=fffffa80097b12c0 r11=fffff880074b8ac0 r12=0000000000000000 r13=0010000000000000 r14=000000000000fffe r15=0000000000000001 iopl=0 nv up ei pl nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00210206 nt!MiCheckControlArea+0x17f: fffff800`02296e5f 49395d50 cmp qword ptr [r13+50h],rbx ds:002b:00100000`00000050=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 2 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800024b3100 GetUlongFromAddress: unable to read from fffff800024b31c0 ffffffffffffffff FOLLOWUP_IP: nt!MiCheckControlArea+17f fffff800`02296e5f 49395d50 cmp qword ptr [r13+50h],rbx FAULTING_IP: nt!MiCheckControlArea+17f fffff800`02296e5f 49395d50 cmp qword ptr [r13+50h],rbx BUGCHECK_STR: 0x34 LAST_CONTROL_TRANSFER: from fffff80002284e54 to fffff80002296e5f STACK_TEXT: fffff880`074b8a20 fffff800`02284e54 : 00000000`00000000 00000000`00000000 fffffa80`0f9a7500 fffffa80`06709880 : nt!MiCheckControlArea+0x17f fffff880`074b8a90 fffff800`022bfc4b : fffffa80`0f9a7500 fffffa80`10678450 fffffa80`10678400 fffffa80`10678400 : nt!ObfDereferenceObject+0xd4 fffff880`074b8af0 fffff800`022c04ce : fffffa80`0f9a7520 fffffa80`0f9a7520 fffff880`0225d180 fffffa80`10678400 : nt!CcDeleteSharedCacheMap+0x1cb fffff880`074b8b50 fffff800`022c0b08 : fffff880`0225d700 fffff880`074b8c58 fffffa80`0cf429b0 fffff800`02482938 : nt!CcWriteBehind+0x54e fffff880`074b8c00 fffff800`02285261 : fffffa80`0670a510 fffff800`02573a01 fffff800`02482920 fffffa80`00000002 : nt!CcWorkerThread+0x1c8 fffff880`074b8cb0 fffff800`02519bae : 00000000`00000001 fffffa80`0710f040 00000000`00000080 fffffa80`066ec040 : nt!ExpWorkerThread+0x111 fffff880`074b8d40 fffff800`0226c8c6 : fffff880`009e8180 fffffa80`0710f040 fffffa80`0aade2a0 00000001`dd68e000 : nt!PspSystemThreadStartup+0x5a fffff880`074b8d80 00000000`00000000 : fffff880`074b9000 fffff880`074b3000 fffff880`074b89e0 00000000`00000000 : nt!KxStartSystemThread+0x16 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!MiCheckControlArea+17f FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt DEBUG_FLR_IMAGE_TIMESTAMP: 51db806a STACK_COMMAND: .cxr 0xfffff880074b8040 ; kb IMAGE_NAME: memory_corruption FAILURE_BUCKET_ID: X64_0x34_nt!MiCheckControlArea+17f BUCKET_ID: X64_0x34_nt!MiCheckControlArea+17f Followup: MachineOwner ---------
I got this from WhoCrashed program.
Crash Dump Analysis
Crash dump directory: C:\Windows\Minidump
Crash dumps are enabled on your computer.
On Mon 9/16/2013 11:55:13 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\091613-6458-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75B80)
Bugcheck code: 0x34 (0x50853, 0xFFFFF880074B87E8, 0xFFFFF880074B8040, 0xFFFFF80002296E5F)
Error: CACHE_MANAGER
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a problem occurred in the file system's cache manager.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
Ill try what you said Thanks! :)
I've completed all the instructions now I will run my maleware program and see if it makes it all the way through. Thank you very much! :)
I ran the malware program earlier with no problems but just ran it again and got another BSOD. Here is whocrashed report also. Crash Dump Analysis
Crash dump directory: C:\Windows\Minidump
Crash dumps are enabled on your computer.
On Tue 9/17/2013 2:55:37 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\091713-8985-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x88A16)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF80002291A16, 0xFFFFF8800250F888, 0xFFFFF8800250F0E0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.