Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Getting numerous BSoD per day, help needed!


  • Please log in to reply
23 replies to this topic

#1 Jondk

Jondk

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 11 January 2014 - 02:20 PM

Hi guys! So... Recently my computer is BSoD'ing at random and I have no clue on how it's happening. If you could help me fix it, I'd be eternally grateful!

 

 

The BSoD can happen at ANY time. My computer can run smoothly for several hours, and then it happens, or it can happen just after I turn on my computer.... Or any time in between.

 

I had a look at another topic here, and did some foot work:

 

http://speccy.piriform.com/results/NxQiNRGVoC0dE73UI2duKW1

 

==================================================
Dump File         : 011114-30544-01.dmp
Crash Time        : 11-01-2014 19:39:31
Bug Check String  : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code    : 0x0000007f
Parameter 1       : 0x00000000
Parameter 2       : 0x00000000
Parameter 3       : 0x00000000
Parameter 4       : 0x00000000
Caused By Driver  : atikmdag.sys
Caused By Address : atikmdag.sys+7e46d
File Description  : ATI Radeon Kernel Mode Driver
Product Name      : ATI Radeon Family
Company           : Advanced Micro Devices, Inc.
File Version      : 8.01.01.1248
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+3f07b
Stack Address 1   : atikmdag.sys+7e46d
Stack Address 2   : atikmdag.sys+7dab4
Stack Address 3   : atikmdag.sys+5e8b7
Computer Name     : 
Full Path         : C:\Windows\Minidump\011114-30544-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 150.152
Dump File Time    : 11-01-2014 19:40:34
==================================================
 
If you need any other information please let me know, and I'll comply ASAP!

Edited by hamluis, 12 January 2014 - 02:49 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:04 PM

Posted 11 January 2014 - 02:46 PM

Speccy is not going to do anything for this.  You need to download "Who Crashed" and post the results, or a picture of the BSOD's that you are getting.  99.99% of the time, it is either going to be failing hardware or bad drivers.



#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,562 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:04 PM

Posted 11 January 2014 - 04:42 PM

Well...you don't need Who Crashed to recognize the letters "ATI" in the Caused By Driver caption.  ATI makes graphics chipsets, so it's obviously the ATI driver which should be the first suspect, IMO.

 

I would uninstall all ATI software/drivers (including CCC), using Add/Remove Programs AND Device Manager...then reboot and reinstall the ATI package.

 

If that doesn't resolve it...that would be the time to try to dig deeper, IMO.

 

Louis



#4 cmptrgy

cmptrgy

  • Members
  • 1,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Massachusetts
  • Local time:06:04 PM

Posted 11 January 2014 - 05:54 PM

I like it when someone does some footwork

 

How did you create the dump file?

This is one of the websites I http://support.microsoft.com/kb/931673 I found

--- Is this a good one to go by?



#5 Jondk

Jondk
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 12 January 2014 - 06:41 AM

Well...you don't need Who Crashed to recognize the letters "ATI" in the Caused By Driver caption.  ATI makes graphics chipsets, so it's obviously the ATI driver which should be the first suspect, IMO.

 

I would uninstall all ATI software/drivers (including CCC), using Add/Remove Programs AND Device Manager...then reboot and reinstall the ATI package.

 

If that doesn't resolve it...that would be the time to try to dig deeper, IMO.

 

Louis

 

Thank you for your respond Louis!

 

After I realized it was related to the GFX card (googled the atikmdag.sys error) I tried updating to the newest drivers from the official site. It stopped 90% of the crashes. If I start a game or anything that takes up a lot of CPU, it will still crash (Didn't do this a month ago)

 

I'll try to remove everything ATI related, and then re-install the newest updates as you suggest, and will tell you how it went.

 

 

I like it when someone does some footwork

 

How did you create the dump file?

This is one of the websites I http://support.microsoft.com/kb/931673 I found

--- Is this a good one to go by?

 

I just used the original one that windows creates, wouldn't know if the method suggested in your link is valid or not.



#6 Jondk

Jondk
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 12 January 2014 - 07:12 AM

I believe I've deleted everything ATI related (HD audio driver, gfx driver, ccc, cleaned the Registry database too) - I restarted, and just did a fresh install on the previous mentioned. Will restart and see what happens now. :)



#7 hamluis

hamluis

    Moderator


  • Moderator
  • 56,562 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:04 PM

Posted 12 January 2014 - 11:07 AM

Your mention of "cleaning the Registry" brings bad thoughts to mind.  I hope that you are not using a registry cleaner/optimizer application.

 

The registry doesn't need "cleaning"...that's just hype promoted by those who develop "registry cleaners".

 

Microsoft support policy for the use of registry cleaning utilities - http://support.microsoft.com/kb/2563254

 

Registry cleaner - Wikipedia, the free encyclopedia - http://en.wikipedia.org/wiki/Registry_cleaner

 

Registry Cleaner FAQ, PC Support - http://pcsupport.about.com/od/registry-cleaner/a/registry-cleaner-faq.htm

 

See commnets by quietman 7 re registry cleaners...at http://www.bleepingcomputer.com/forums/t/516416/is-this-a-virus-hijack-this-caught-it-3-times-and-i-cannot-remove-it/?p=3225408 .

 

Louis



#8 Jondk

Jondk
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 12 January 2014 - 12:39 PM

Your mention of "cleaning the Registry" brings bad thoughts to mind.  I hope that you are not using a registry cleaner/optimizer application.

 

The registry doesn't need "cleaning"...that's just hype promoted by those who develop "registry cleaners".

 

Microsoft support policy for the use of registry cleaning utilities - http://support.microsoft.com/kb/2563254

 

Registry cleaner - Wikipedia, the free encyclopedia - http://en.wikipedia.org/wiki/Registry_cleaner

 

Registry Cleaner FAQ, PC Support - http://pcsupport.about.com/od/registry-cleaner/a/registry-cleaner-faq.htm

 

See commnets by quietman 7 re registry cleaners...at http://www.bleepingcomputer.com/forums/t/516416/is-this-a-virus-hijack-this-caught-it-3-times-and-i-cannot-remove-it/?p=3225408 .

 

Louis

 

I used "regedit" and searched for "ATI". I hope I haven't messed anything up though - I will check out your links once I'm done with this post.

 

 

So since my last post I've only had one BSoD (Just now) even though I've tried to provoke a crash multiple times throughout the day by forcing high CPU usage as well as GPU usage.

 

The one I just had seemed to be completely random, all I did was watch a video on youtube, and had another tab open with Facebook.

 

 

This is the Bluescreen connected to the crash:

 

==================================================
Dump File         : 011214-36020-01.dmp
Crash Time        : 12-01-2014 18:25:16
Bug Check String  : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code    : 0x0000007f
Parameter 1       : 0x00000000
Parameter 2       : 0x00000000
Parameter 3       : 0x00000000
Parameter 4       : 0x00000000
Caused By Driver  : atikmdag.sys
Caused By Address : atikmdag.sys+7e46d
File Description  : ATI Radeon Kernel Mode Driver
Product Name      : ATI Radeon Family
Company           : Advanced Micro Devices, Inc.
File Version      : 8.01.01.1248
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+3f07b
Stack Address 1   : atikmdag.sys+7e46d
Stack Address 2   : atikmdag.sys+7dab4
Stack Address 3   : atikmdag.sys+5e8b7
Computer Name     : 
Full Path         : C:\Windows\Minidump\011214-36020-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145.992
Dump File Time    : 12-01-2014 18:26:59
==================================================
 
 
 
Looks to me like it's the exact same error as I started out with. How do you suggest I proceed?


#9 hamluis

hamluis

    Moderator


  • Moderator
  • 56,562 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:04 PM

Posted 12 January 2014 - 01:27 PM

You should be fine using regedit...I do the same when I have problems with ATI chipsets :).

 

Take a read, http://msdn.microsoft.com/en-us/library/ms854946.aspx .  My personal experience with ATI chipsets is that such errors relate to the driver package installed...but I suppose that a hardware failure could occur.

 

Looking at your Speccy data...I see that are running Spybot and have the TeaTimer function enabled.  I suggest uninstalling Spybot (better alternatives available today) and killing the TeaTimer service (at the very least) since it is known to cause unforeseen system issues.

 

See comments by quietman7, http://www.bleepingcomputer.com/forums/t/387794/is-spybot-search-and-destroy-is-still-useful/ .

 

Louis



#10 Jondk

Jondk
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 12 January 2014 - 01:45 PM

Thank you once again for your reply Louis!

 

I read something similar to your first link earlier. I decided to keep digging, and did some searches on similar problems caused by virus. I found several websites that suggested it could be a rootkit. I just finished running Malwarebytes anti-toolkit, which found 2 malware problems. I am doing a second scan now just to be on the safeside. The toolkit must have slipped under my protection, do you have any suggestions for something more permanent? - Would the tool that quietman7 suggest work for that?

 

I uninstalled Spybot S&D, as you and quietman7 both suggests, it's seems outdated and irrelevant.

 

I'll make some stress tests on my GPU and CPU when the second scan is done, and we'll see what happens. - Hopefully it was just the rootkit that caused the error.

 

Edit: Nope, just crashed again - Before my scan had finished


Edited by Jondk, 12 January 2014 - 02:00 PM.


#11 hamluis

hamluis

    Moderator


  • Moderator
  • 56,562 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:04 PM

Posted 12 January 2014 - 02:48 PM

The fact that your scan turned up malware...moves this from a "Win 7" problem to a malware problem.

 

Moving topic to Am I Infected forum.

 

Louis



#12 Jondk

Jondk
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 12 January 2014 - 03:38 PM

Thanks Louis. :)

 

I look clean using both anti-rootkit, anti-spyware and anti-virus now. Although I do fear the problems is occurring due to changes done by the malware.



#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:04 AM

Posted 15 January 2014 - 03:11 PM

 I just finished running Malwarebytes anti-toolkit, which found 2 malware problems

Hello -

Do you still have the logs with the infections included, and can you paste them here ??

 

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

 

 

 

Now can you perform a Full Scan with Malwarebytes' Anti-Malware - Basic directions below if needed -

Download Malwarebytes' Anti-Malware Free (aka MBAM): to your desktop.
- Do not accept the Free Trial Version at this time -
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer if requested.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

Thanks -



#14 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:04 AM

Posted 15 January 2014 - 03:39 PM

After the above has been completed, or attempted, please run this scan -

 

I would like you to use the ESET OnlineScanner -
This is best done with Internet Explorer, as it uses ActineX  with the scan
How-ever alternate directions are left for thise that will not use Internet Explorer

Please read and follow How To Temporarily Disable Your Anti-virus during the scan.

1 / Hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 / Click the ESETOnliner Scanner button.

3 / For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3.1 - / Click on This Link to download theExternal ESET Smart Installer.
3.2 - / Save it to your desktop.

4 / Double click on the  icon on your desktop.
5 / Check "YES, I accept the Terms of Use."
5 / Click the Start button.
6 / Accept any security warnings from your browser.
7 / Under scan settings, check "Scan Archives" and "Remove found threats"
8 / Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9 / ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
10 / When the scan completes, click List Threats
11 / Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12 / Click the Back button.
13 / Click the Finish button.
NOTE:Sometimes if ESET finds no infections it will not create a log.

 

 

Thanks -



#15 Jondk

Jondk
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 16 January 2014 - 06:04 AM

The suspicious files in question were these:

 

TrojanAgent.16384.56.unpa.mg

 

C:\Windows\System32\Slotma~2.dll

 

and

 

Packed.Krap.c.zxxgd.mg

 

-------------- vtex.exe in one of my steam sub-folders - I guess this is a false negative actually?

 

 

 

 

Going through the steps you suggested now.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users