BSOD. help analyzing minidump file please

I'm having a hard time getting WinDbg to read my minidump files. I have read it will take a long time sometimes, but I have been waiting at the below screen for 4 hrs now.
[Screenshot: where the debugger is hanging]
The computer having the problem is running Windows 7 Professional 32 bit.
I was able to boot the computer to safe mode and copy the dmp files to a thumb drive so I could analyze them on my computer running Win 7 Ult 64 bit.

Anyways, it is taking me too long and I am hoping someone can help me out and take a look at the dmp files attached. There are about 15 from today, I zipped up the last 3.

Thanks for helping!

Hello !

If you don't have TrendMicro installed, then you may have a virus.

In WinDbg, when you reach that screen, type !thread in the command bar. It should give you something like WinDbg.txt.

Check on line 7 "NtrtScan.exe". This file is part of TrendMicro antivirus OR it's a virus in disguise.

jcharshaf (Author) commented:
We do have TrendMicro installed, did anything else stand out?  I will try what you said to type !thread into the command bar to see if I am able to view the text.

I could also not open your dumps - they seem corrupt.
I would start by testing the RAM with memtest86+ from, or download UBCD:

jcharshaf (Author) commented:
I entered this command, ! analyze -v, in the window from the picture I originally posted and got the following results. I'm not sure how to read these 100%, but the wording sounds like some sort of virus possibly. I am going to run a virus scan tomorrow from safe mode.

1: kd> ! analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
Arg1: aeecf80c, Actual security check cookie from the stack
Arg2: 00a701e2, Expected security check cookie
Arg3: ff58fe1d, Complement of the expected security check cookie
Arg4: 00000000, zero

Debugging Details:


SECURITY_COOKIE:  Expected 00a701e2 found aeecf80c





LAST_CONTROL_TRANSFER:  from a4b79f15 to 82f31d10

aeecf6d8 a4b79f15 000000f7 aeecf80c 00a701e2 nt!KeBugCheckEx+0x1e
WARNING: Stack unwind information not available. Following frames may be wrong.
aeecf6f8 a4b7934c 00221ace 00000000 00000000 tmcomm+0x15f15
aeecf80c 00000000 00000000 00000000 00000000 tmcomm+0x1534c


a4b79f15 ??              ???


SYMBOL_NAME:  tmcomm+15f15

FOLLOWUP_NAME:  MachineOwner


IMAGE_NAME:  tmcomm.sys




Followup: MachineOwner
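
Added example, not part of the original thread: a short Python triage of the !analyze -v text posted above. It checks that Arg3 is the bitwise complement of Arg2 (so the expected cookie was reported intact), compares the value found in the cookie slot with the frame pointers in the trace, and names the first non-kernel module on the stack. The function name, regexes and result keys are assumptions made for illustration, and the sample is constructed from lines in the post.

```python
import re

# Constructed sample: the relevant lines of the !analyze -v output in the post above.
SAMPLE = """\
Arg1: aeecf80c, Actual security check cookie from the stack
Arg2: 00a701e2, Expected security check cookie
Arg3: ff58fe1d, Complement of the expected security check cookie
Arg4: 00000000, zero
aeecf6d8 a4b79f15 000000f7 aeecf80c 00a701e2 nt!KeBugCheckEx+0x1e
aeecf6f8 a4b7934c 00221ace 00000000 00000000 tmcomm+0x15f15
aeecf80c 00000000 00000000 00000000 00000000 tmcomm+0x1534c
IMAGE_NAME:  tmcomm.sys
"""

ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F]{8})", re.M)
# ChildEBP, RetAddr, three argument words, then module!symbol or module+offset.
FRAME_RE = re.compile(
    r"^([0-9a-f]{8}) ([0-9a-f]{8}) (?:[0-9a-f]{8} ){3}(\w+)[!+]", re.M)
IMAGE_RE = re.compile(r"^IMAGE_NAME:\s*(\S+)", re.M)


def triage(text):
    """Hypothetical helper: summarise a stack-cookie bugcheck from analyze text."""
    args = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    actual, expected, complement = args[1], args[2], args[3]
    frames = [(int(ebp, 16), mod) for ebp, _ret, mod in FRAME_RE.findall(text)]
    # The cookie check is linked into the driver itself, so the first frame
    # outside the kernel names the module, not the exact function.
    caller = next((mod for _, mod in frames if mod != "nt"), None)
    image = IMAGE_RE.search(text)
    return {
        "cookie_mismatch": actual != expected,
        # Arg3 should be ~Arg2 on a 32-bit system if the reference cookie is sane.
        "expected_cookie_intact": complement == (~expected & 0xFFFFFFFF),
        # An observation only: the slot holds a value equal to a frame pointer.
        "found_value_is_stack_address": actual in {ebp for ebp, _ in frames},
        "faulting_module": caller,
        "image_name": image.group(1) if image else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
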
Hello !

That just confirms what I thought. You have this "PROCESS_NAME:  NTRtScan.exe" and this "IMAGE_NAME:  tmcomm.sys" which are both TrendMicro files. It's not a virus, it's a buggy antivirus.

I would download another antivirus, disconnect from internet, uninstall TM and install the other AV.

I've been a user of AVG for years and now I use Microsoft's Security Essentials and I'm very happy with it.

Download Clamwin portable at to scan your computer, since TM seems to be in problem, and Clamwin doesn't need installation, you'll confirm that you don't have a virus. Then, proceed with the installation of the new antivirus and leave your computer in that state for a while to test its stability.


You were doing a Trend Micro virus scan when the driver tmcomm.sys went "out of bounds" and wrote over the stack buffer in memory. See if there are any updates to the antivirus software which may resolve this situation.

If the BSOD persists, uninstall Trend Micro with the removal tool so as to remove all traces of the software:
jcharshaf (Author) commented:
Thanks for the replies,  I should add that this is Trend Micro Client Server Security Agent and not Internet Security.  The AV gets updates daily from our server, so it looks like I will have to uninstall Trend and re-install after doing a virus scan.  Thanks for the link, I will give Clamwin a try.
jcharshaf (Author) commented:
You are exactly right. I just noticed that this laptop has Trend Internet Security installed along with Trend Micro Client Server. I am assuming that these 2 AV programs aren't getting along. Thanks for the link to removing Trend Internet Security, I will give that a go now.
The process that was running at the time of the BSOD was NTRtScan.exe:
jcharshaf (Author) commented:
I am having a horrible time getting rid of this Trend Internet Security 2009.  I am following instructions found from Trend, I have run the Uninstaller program they suggest because the program isn't listed in the list of programs to uninstall in Control Panel.

I have also tried deleting the registry key for PC Cillin and it keeps coming back when I restart!  

Any help would be appreciated.
Uninstall OfficeScan from safe mode. Then try to uninstall PC-cillin. OfficeScan has a watchdog that will revert system changes to Trend.
jcharshaf (Author) commented:
I was finally able to get rid of all the AV programs.
Then after rebooting a few times and using the laptop to make sure it was stable, I re-installed Trend Micro Client Server security agent and boom, blue screen. Uninstalled Trend again in safe mode, system seemed fine, then installed AVG free edition and boom, blue screen again! Doing a full scan using Malwarebytes overnight, if nothing turns up I will just reformat and start over.

Thanks for all the help!
You can also run sfc /scannow from the run box...