Minidump on BSOD

Discussion in 'Hardware' started by Conxept, May 31, 2011.

  1. Conxept

    Conxept Private E-2

    Minidump attachment found here
     

  2. abekl

    abekl First Sergeant

    Is this a one-time thing or is it happening a lot?
     
  3. Conxept

    Conxept Private E-2

    This is happening very frequently. The pc monitor would freeze frequently for a moment and then resume 3 or 4 times until the BSOD occurs. I'm also pretty sure that it happens every time I turn on the pc.
     
  4. Conxept

    Conxept Private E-2

    I just found some more files and used BlueScreenView on most of them. I'll attach the results
     

  5. satrow

    satrow Major Geek Extraordinaire

    A quick breakdown of the minidumps chronologically:
    And a breakdown of common causes for those errors (per carrona.org):
    What was the last update, install/uninstall before this began?

    The sequence begins with 3x consistent BSODs - what did you change, install/uninstall after the 3rd BSOD? Had you noticed any other irregular happenings around this time?

    Is the appearance of mbam.sys in the stack text of the first 3 dumps significant? Is this the Pro version or did you recently install the trial version of MalwareBytes?

    Can you copy the *.dmp files to the Desktop, zip them and attach the resulting zip file please, I'll try to debug them further.
     
  6. Conxept

    Conxept Private E-2

    I have around 25 GB of memory space in my computer. I'll do the rest in about 1 hour since I'm in school
     
  7. Conxept

    Conxept Private E-2

    Here's the zip as requested.

    This Malwarebytes version is only a trial. After the BSOD, I've tried to system restore it to a much older version. It still popped up as recently, so it can't be a software that is installed. I also have 41.5 GB free out of 83.8 GB of memory, so it can't be insufficient space.
     

  8. satrow

    satrow Major Geek Extraordinaire

    I debugged one of the 3 earlier 0x8e BSODs:
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000008E, {c0000005, 8368b487, 9d6d6f7c, 0}
    
    *** WARNING: Unable to verify timestamp for mbam.sys
    *** ERROR: Module load completed but symbols could not be loaded for mbam.sys
    Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8368b487, The address that the exception occurred at
    Arg3: 9d6d6f7c, Trap Frame
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    ataport!IdePortDispatchDeviceControl+b
    8368b487 80b98600000000  cmp     byte ptr [ecx+86h],0
    
    TRAP_FRAME:  9d6d6f7c -- (.trap 0xffffffff9d6d6f7c)
    ErrCode = 00000000
    eax=850e6030 ebx=850e6030 ecx=00000000 edx=873e19a0 esi=850e6030 edi=00000000
    eip=8368b487 esp=9d6d6ff0 ebp=9d6d6ff0 iopl=0         nv up ei ng nz na po cy
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010283
    ataport!IdePortDispatchDeviceControl+0xb:
    8368b487 80b98600000000  cmp     byte ptr [ecx+86h],0       ds:0023:00000086=??
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x8E
    
    PROCESS_NAME:  WmiPrvSE.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from 82c7648c to 8368b487
    
    STACK_TEXT:  
    9d6d6ff0 82c7648c 850e6030 873e19a0 00000200 ataport!IdePortDispatchDeviceControl+0xb
    9d6d7008 82e284eb 871196e8 9d6d789c 82ca48a3 nt!IofCallDriver+0x63
    9d6d7868 a1bf9aaa 850e6030 86ed3af0 8507c008 nt!IoVolumeDeviceToDosName+0x7e
    WARNING: Stack unwind information not available. Following frames may be wrong.
    9d6d7880 836cbbf5 86ed3af0 00000005 00000008 mbam+0xaaa
    9d6d78b4 836cc417 852bbe98 00000005 1e01514e fltmgr!FltpDoInstanceSetupNotification+0x69
    9d6d7900 836cc7d1 871196b8 8507c008 00000005 fltmgr!FltpInitInstance+0x25d
    9d6d7970 836cc8d7 871196b8 8507c008 00000005 fltmgr!FltpCreateInstanceFromName+0x285
    9d6d79dc 836d5cde 871196b8 8507c008 00000005 fltmgr!FltpEnumerateRegistryInstances+0xf9
    9d6d7a2c 836ca7f4 8507c008 86aa5550 852ba038 fltmgr!FltpDoFilterNotificationForNewVolume+0xe0
    9d6d7a70 82c7648c 8518c030 8507c008 852ba094 fltmgr!FltpCreate+0x206
    9d6d7a88 82e7aafd bab71b6a 9d6d7c30 00000000 nt!IofCallDriver+0x63
    9d6d7b60 82e5b57b 850e6030 a50c94c0 8528c830 nt!IopParseDevice+0xed7
    9d6d7bdc 82e81729 00000000 9d6d7c30 00000040 nt!ObpLookupObjectName+0x4fa
    9d6d7c38 82e79a7b 00cae7e4 850c94c0 00000001 nt!ObOpenObjectByName+0x165
    9d6d7cb4 82e85392 00cae840 80100080 00cae7e4 nt!IopCreateFile+0x673
    9d6d7d00 82c7d41a 00cae840 80100080 00cae7e4 nt!NtCreateFile+0x34
    9d6d7d00 77c96344 00cae840 80100080 00cae7e4 nt!KiFastCallEntry+0x12a
    00cae848 00000000 00000000 00000000 00000000 0x77c96344
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    ataport!IdePortDispatchDeviceControl+b
    8368b487 80b98600000000  cmp     byte ptr [ecx+86h],0
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  ataport!IdePortDispatchDeviceControl+b
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: ataport
    
    IMAGE_NAME:  ataport.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bbf16
    
    FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
    
    BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
    
    Followup: MachineOwner
    ---------
    
    1: kd> lmvm ataport
    start    end        module name
    83685000 836a8000   ataport    (pdb symbols)          c:\symbols\ataport.pdb\7AC193B7BDE242239273B5CD16763D751\ataport.pdb
        Loaded symbol image file: ataport.SYS
        Mapped memory image file: c:\symbols\ataport.SYS\4A5BBF1623000\ataport.SYS
        Image path: ataport.SYS
        Image name: ataport.SYS
        Timestamp:        Tue Jul 14 00:11:18 2009 (4A5BBF16)
        CheckSum:         0002F425
        ImageSize:        00023000
        File version:     6.1.7600.16385
        Product version:  6.1.7600.16385
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        3.7 Driver
        File date:        00000000.00000000
        Translations:     0000.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     ataport.sys
        OriginalFilename: ataport.sys
        ProductVersion:   6.1.7600.16385
        FileVersion:      6.1.7600.16385 (win7_rtm.090713-1255)
        FileDescription:  ATAPI Driver Extension
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
    It's unusual to see mbam not being validated by the debugging symbols; mbam and ataport.sys are in the frame for 'causing' this but I see in the stack text what looks like a blank drive (CD/DVD ... ? ) has just been connected? Do you recall putting in a blank disc (drive?) and getting an immediate BSOD? If not, I think I would be suspecting malware, maybe a rootkit.

    To check for any evidence of infection, please follow the instructions for your version of Windows in this thread, once you've completed the tasks and collected the logs, make a new thread in the Malware forum and attach the logs.
     
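As an added example (not code posted by anyone in this thread), the Python script below shows how to triage the `!analyze -v` text quoted above mechanically: it reads the `BugCheck` arguments, the trap-frame registers and the faulting instruction, computes the address the CPU actually tried to touch (ecx is zero, so `[ecx+86h]` is address 0x86, which WinDbg also reports as `ds:0023:00000086=??`), and lists the stack-frame modules that either have no symbols or are not on a small Microsoft allow-list. The embedded dump excerpt is constructed from the quoted output with some frames trimmed, and the allow-list of Microsoft modules is an assumption for this example, not part of the thread.

```python
"""Triage helpers for WinDbg '!analyze -v' text. Added example for this thread,
not code from any participant; the excerpt and the allow-list are constructed."""
import re

# Constructed excerpt of the debugger output quoted above (frames trimmed).
ANALYZE_OUTPUT = """\
BugCheck 1000008E, {c0000005, 8368b487, 9d6d6f7c, 0}
FAULTING_IP: 
ataport!IdePortDispatchDeviceControl+b
8368b487 80b98600000000  cmp     byte ptr [ecx+86h],0
TRAP_FRAME:  9d6d6f7c -- (.trap 0xffffffff9d6d6f7c)
eax=850e6030 ebx=850e6030 ecx=00000000 edx=873e19a0 esi=850e6030 edi=00000000
eip=8368b487 esp=9d6d6ff0 ebp=9d6d6ff0 iopl=0         nv up ei ng nz na po cy
8368b487 80b98600000000  cmp     byte ptr [ecx+86h],0       ds:0023:00000086=??
STACK_TEXT:  
9d6d6ff0 82c7648c 850e6030 873e19a0 00000200 ataport!IdePortDispatchDeviceControl+0xb
9d6d7008 82e284eb 871196e8 9d6d789c 82ca48a3 nt!IofCallDriver+0x63
9d6d7868 a1bf9aaa 850e6030 86ed3af0 8507c008 nt!IoVolumeDeviceToDosName+0x7e
WARNING: Stack unwind information not available. Following frames may be wrong.
9d6d7880 836cbbf5 86ed3af0 00000005 00000008 mbam+0xaaa
9d6d78b4 836cc417 852bbe98 00000005 1e01514e fltmgr!FltpDoInstanceSetupNotification+0x69
9d6d7d00 77c96344 00cae840 80100080 00cae7e4 nt!KiFastCallEntry+0x12a
00cae848 00000000 00000000 00000000 00000000 0x77c96344

STACK_COMMAND:  kb
"""

# Constructed allow-list: modules this example treats as Microsoft's own.
MICROSOFT_MODULES = {"nt", "hal", "ataport", "fltmgr"}

# child-SP, return address, three args, then the symbol (WinDbg 'kb' layout).
FRAME_RE = re.compile(r"^[0-9a-f]{8} (?:[0-9a-f]{8} ){4}(\S+)\s*$")


def parse_bugcheck(text):
    """Return (bugcheck_code, [arg1..arg4]) from the 'BugCheck' line."""
    m = re.search(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", text)
    if not m:
        raise ValueError("no BugCheck line found")
    return int(m.group(1), 16), [int(a.strip(), 16) for a in m.group(2).split(",")]


def parse_registers(text):
    """Collect the x86 general registers printed in the trap frame."""
    pairs = re.findall(r"\b(e[a-d]x|e[sd]i|e[bs]p|eip)=([0-9a-f]{8})", text)
    return {name: int(val, 16) for name, val in pairs}


def parse_memory_operand(text):
    """Return (base_register, displacement) of the FAULTING_IP memory operand."""
    start = text.find("FAULTING_IP:")
    m = re.search(r"\[(e[a-z]{2})(?:\+([0-9a-fA-F]+)h)?\]", text[max(start, 0):])
    if start < 0 or not m:
        raise ValueError("no memory operand in faulting instruction")
    return m.group(1), int(m.group(2), 16) if m.group(2) else 0


def classify_fault(text):
    """Decode the access violation: which register was dereferenced and where."""
    code, args = parse_bugcheck(text)
    regs = parse_registers(text)
    base, disp = parse_memory_operand(text)
    ea = (regs[base] + disp) & 0xFFFFFFFF
    # WinDbg annotates the failed access as 'ds:0023:<addr>=??'; cross-check it.
    m = re.search(r"ds:[0-9a-f]{4}:([0-9a-f]{8})=\?\?", text)
    reported = int(m.group(1), 16) if m else None
    return {
        "bugcheck": code,
        "exception_code": args[0],
        "eip_matches_arg2": regs.get("eip") == args[1],
        "base_register": base,
        "base_value": regs[base],
        "effective_address": ea,
        # Windows reserves the lowest 64 KiB of every address space, so a hit
        # there through a zero base register is a NULL-pointer dereference.
        "null_page_deref": regs[base] == 0 and ea < 0x10000,
        "matches_debugger": None if reported is None else reported == ea,
    }


def stack_frames(text):
    """Return (module, symbolized) for each STACK_TEXT frame, in order."""
    start = text.find("STACK_TEXT:")
    end = text.find("STACK_COMMAND:", start)
    frames = []
    for line in text[start:end if end >= 0 else len(text)].splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue  # header, blank and WARNING lines
        sym = m.group(1)
        if sym.startswith("0x"):
            frames.append(("<unknown>", False))  # bare return address, no module
            continue
        module = sym.split("!")[0] if "!" in sym else sym.split("+")[0]
        frames.append((module, "!" in sym))
    return frames


def suspicious_modules(text):
    """Stack modules lacking symbols or not on the Microsoft allow-list, deduplicated."""
    seen = []
    for module, symbolized in stack_frames(text):
        if module != "<unknown>" and module not in seen:
            if not symbolized or module not in MICROSOFT_MODULES:
                seen.append(module)
    return seen


if __name__ == "__main__":
    info = classify_fault(ANALYZE_OUTPUT)
    print(f"bugcheck 0x{info['bugcheck']:08X}, exception 0x{info['exception_code']:08X}")
    print(f"{info['base_register']}=0x{info['base_value']:08x} -> fault at "
          f"0x{info['effective_address']:08x}, null-page deref: {info['null_page_deref']}")
    print("modules to look at first:", suspicious_modules(ANALYZE_OUTPUT))
```

Run against the full dump text rather than the excerpt to get every frame; the point of the allow-list is only to surface third-party and unsymbolized modules (here `mbam`) for a closer look, not to name a culprit, since the instruction that faulted lives in Microsoft's `ataport.sys` and was handed a NULL device object by a caller further up the stack.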
  9. Conxept

    Conxept Private E-2

    I have never put a blank disc or drive into the pc. The only thing I've done on that computer is do schoolwork and occasional games. I'll scan for infections ASAP.
     
