Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSODs when scanning with MBAM and at random


17 Sep 2013   #1

Windows 7 Home Premium x64
 
 
BSODs when scanning with MBAM and at random

Hey,

I have been having some BSODs again and was hoping i could get some help with it. I can't finish a full scan with MBAM, as i Get a BSOD in the process. That isn't the main problem, I have been getting BSODs aswell when I am not scanning, i would like to fix this. I have uploaded the files from the SF Diagnostic Tool in the attachment.

My system specs:
Windows 7 home premium 64-bit, ati radeon hd 5770, 8 gb drr3, AMD Athlon II x4 640 @3,0 ghz processor

Thanks in advance,
Robert



Attached Files
File Type: rar SF_17-09-2013.rar (1.09 MB, 1 views)
My System SpecsSystem Spec
.

17 Sep 2013   #2

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x86 Service Pack 1 - Linux Mint Mate 14 x64
 
 

Code:
BugCheck 3B, {c0000005, fffff80003384d37, fffff880063b4c90, 0}

Probably caused by : memory_corruption ( nt!MiIdentifyPfn+317 )
Code:
fffff880063b4c90 -- (.cxr 0xfffff880063b4c90)
rax=0000000000000001 rbx=0200000000191e29 rcx=ff00fa800b1e5580
rdx=0000000000185aa0 rsi=0000000000000000 rdi=fffffa800c918408
rip=fffff80003384d37 rsp=fffff880063b5670 rbp=fffffa800b1b4d80
 r8=0000000000192a49  r9=0000000000000001 r10=0000000000000042
r11=0000058000000000 r12=0000000000000000 r13=0000000000000000
r14=fffffa800b1b4d00 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
nt!MiIdentifyPfn+0x317:
fffff800`03384d37 488b4118        mov     rax,qword ptr [rcx+18h] ds:002b:ff00fa80`0b1e5598=????????????????
Code:
1: kd> lmvm atikmpag
start             end                 module name
fffff880`03e36000 fffff880`03ed4000   atikmpag T (no symbols)           
    Loaded symbol image file: atikmpag.sys
    Image path: \SystemRoot\system32\DRIVERS\atikmpag.sys
    Image name: atikmpag.sys
    Timestamp:        Thu Sep 05 07:33:34 2013 (522825BE)
    CheckSum:         0009FE87
    ImageSize:        0009E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
You appear to be using the Beta drivers for your AMD graphics card, please roll back to the latest WHQL version from here - AMD Graphics Drivers & Software

Quote:
WHQL
Release Date: April 24th 2013
Version: 13.4
In Device Manager: 12.104
My System SpecsSystem Spec
19 Sep 2013   #3

Windows 7 Home Premium x64
 
 

I did that, still had 3 in the meantime. Attached these.

As thing on top of the message it says "System service exception" mostly.


Attached Files
File Type: rar Desktop.rar (61.2 KB, 1 views)
My System SpecsSystem Spec
.


19 Sep 2013   #4

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x86 Service Pack 1 - Linux Mint Mate 14 x64
 
 

Code:
0: kd> !thread
GetPointerFromAddress: unable to read from fffff800034af000
THREAD fffffa800d300b50  Cid 0b1c.0f0c  Teb: 000007fffffa4000 Win32Thread: 0000000000000000 RUNNING on processor 0
IRP List:
    Unable to read nt!_IRP @ fffffa800aaacae0
Not impersonating
GetUlongFromAddress: unable to read from fffff800033eeba4
Owning Process            fffffa800a8c3a70       Image:         NisSrv.exe
Attached Process          N/A            Image:         N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount      149444       
Context Switch Count      139            IdealProcessor: 0             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address 0x000000007708fbf0
Stack Init fffff88003e75db0 Current fffff88003e75aa0
Base fffff88003e76000 Limit fffff88003e70000 Call 0
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
It does seem to be a driver issue, we can see this with a pending IRP in the crashed thread.

Code:
BugCheck 19, {22, fffffa800c604000, 0, 0}

GetPointerFromAddress: unable to read from fffff800034b7100
GetUlongFromAddress: unable to read from fffff800034b71c0
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+72e6 )
Code:
3: kd> !poolval fffffa800c604000
Pool page fffffa800c604000 region is Nonpaged pool

Validating Pool headers for pool page: fffffa800c604000

Pool page [ fffffa800c604000 ] is __inVALID.

Analyzing linked list...


Scanning for single bit errors...

None found
Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:
information   Information


Pleass select the Individual Settings option, and then enable all the settings, apart from the Low Resources Simulation.
My System SpecsSystem Spec
23 Sep 2013   #5

Windows 7 Home Premium x64
 
 

So here is something interesting, I didn't have any BSODs when using verifier. As soon as I just turned off verifier, I gain 3 BSODs...

Well I had 2 BSODs in 3 days with verifier, but that seems a lot less that 3 in less than an hour without the verifier running.

I didn't get the dmp files of the 2 BSODs with verifier(my system doesn't make dmp files while using verifier, very hard to explain. I get the beginning of an BSOD, sometimes the actual blue screen, sometimes the crash screen before the blue screen, but it freezes at that point. So it doesn't make a dmp file and just freezes like that until i manually restart the computer.), but I attached the last 3 files.


Attached Files
File Type: rar Desktop.rar (64.7 KB, 1 views)
My System SpecsSystem Spec
30 Sep 2013   #6

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x86 Service Pack 1 - Linux Mint Mate 14 x64
 
 

Code:
2: kd> lmvm atikmdag

start             end                 module name
fffff880`07252000 fffff880`07dc5000   atikmdag T (no symbols)           
    Loaded symbol image file: atikmdag.sys
    Image path: \SystemRoot\system32\DRIVERS\atikmdag.sys
    Image name: atikmdag.sys
    Timestamp:        Fri Mar 29 02:27:04 2013 (5154FBF8)
    CheckSum:         00B25604
    ImageSize:        00B73000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Your graphics card driver still seems to be problematic, and AMD have released a new WHQL driver:

Quote:
WHQL
Release Date: September 18th 2013
Version: 13.9
In Device Manager: 13.152
My System SpecsSystem Spec
Reply

 BSODs when scanning with MBAM and at random




Thread Tools



Similar help and support threads for2: BSODs when scanning with MBAM and at random
Thread Forum
BSOD while scanning with AVG, logging into windows. Random times. BSOD Help and Support
Random BSODs Caused by Random Files with Differing Stop Codes BSOD Help and Support
BSODs when scanning with malwarebytes BSOD Help and Support
Solved Random BSODs during random tasks. Latest error: 0x1000007e BSOD Help and Support
could my kaspersky idle scanning cause random reboots System Security
Random BSODs; Firefox 4 random crashes BSOD Help and Support
Random BSODS at Random Times - Please Help BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:37 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33