Second BSOD in a week with new win7 64 installation

What is "it"?

Still awaiting the output of the other script.

bulmer,
Your wdo log files appear to have been edited.

I'm going to need you to run wdo again and to run the wdologs.zip script without any editing of the logs.

My eyes must be playing tricks on me.


I've made a couple of changes to the script so that I can spot certain information easier.

Would you please use this revised version? Sorry for the inconvenience.

Script:

# ************************************************************
# Zips up your log files from Windows Defender Offline
#  and extended info about the log files
# Places WDOlogs.ZIP on your Desktop
#
# ************************************************************

function New-Zip {
    param([Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
    [String] $Path, [Switch] $PassThru, [Switch] $Force )
    Process { if (Test-Path $path) {if (-not $Force) { return } }
    Set-Content $path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
    $item = Get-Item $path; $item.IsReadOnly = $false;if ($passThru) { $item } } }
function Copy-ToZip {param(
  [Parameter(Mandatory=$true,Position=0,ValueFromPipelineByPropertyName=$true)] [Alias('FullName')] 
  [String]$File, [Parameter(Mandatory=$true,Position=1)] [String]$ZipFile,[Switch]$HideProgress,[Switch]$Force )
  Begin {$ShellApplication = New-Object -ComObject Shell.Application
  if (-not (Test-Path $ZipFile)) {New-Zip $ZipFile};$Path = Resolve-Path $ZipFile
  $ZipPackage =$ShellApplication.Namespace("$Path")}
  Process {$RealFile = Get-Item $File; if (-not $RealFile) { return }        
  if (-not $hideProgress) {$perc +=5; if ($perc -gt 100) { $perc = 0 } 
    Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc}
  $Flags = 0; if ($force) {$flags = 16 -bor 1024 -bor 64 -bor 512};Write-Verbose $realFile.Fullname
   $ZipPackage.CopyHere($realFile.Fullname, $flags);Start-Sleep -Milliseconds 500}}
$divider = "#" * 79
$fileinfo = join-path $env:TEMP \wdofileinfo.txt
IF (test-path $fileinfo) {del $fileinfo -ea:silentlycontinue -force:$true}
$dir = $env:windir + '\Microsoft Antimalware\Support'
$a = dir $dir  -rec -force -ea:silentlycontinue | sort-object -property lastwritetime 
$b = $a | where {$_.extension -eq '.log'} |Select  mode, fullname, name, creationtime, lastwritetime,  lastaccesstime, length, extension
$b | out-file -append $fileinfo
$b | foreach ($_.fullname) {
out-file -append $fileinfo -inputobject $divider
out-file -append  $fileinfo -inputobject $_.fullname;
out-file -append $fileinfo -inputobject (get-content -path $_.fullname)
}
$ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
copy-tozip  $fileinfo $ziploc -verbose:$false -hideprogress:$true
del $fileinfo

EXIT
EXIT

# ************************************************************ 


You missed one important minidump setting.

STARTUP AND RECOVERY SETTINGS
WIN + PAUSE/BREAK key combo |
Advanced system settings (left-hand side) |
Advanced tab, Startup and Recovery section, Settings |
System Failure section | checkmark Write an Event to the system log
| uncheck Automatically restart |


Under Write debugging information, select Small memory dump |
in the Small dump directory: box, enter %SystemRoot%\Minidump| OK

If Overwrite any existing file is checked, then:
Ø Under Write debugging information, select Kernel memory dump
!!!!!!#####################!!!!! This is the one you missed!
Ø Uncheck Overwrite any existing file

That must be unchecked so that you can collect more than one .dmp file.

Sorry for the delay, had to sleep...probably your turn now.
Ok, I fixed that one I missed (didn't think it was necessary because it was greyed out) and here is the new output from the revised functions..

Your log files do not look correct.

You will need to run WDO again. Run the full scan.