Blue Screen of death

Discussion in 'Software' started by nicknitz, May 3, 2011.

  1. nicknitz

    nicknitz Private E-2

    OK, so I am usually pretty good with computers... up until I upgraded to Windows 7. I recently got the Windows Recovery Virus and finally got it removed (I hope), but now when I start my PC up normally, I'll be able to use it for 5 minutes, then I will get the blue screen of death with the following error:

    *** Stop: 0X0000008E (0XC0000005, 0X88F19487, 0X8B9D56DC, 0X00000000

    *** ataport.sys - address 88F19487 base at 88f13000, Datestamp 4ce788e8

    and i have: Microsoft (R) Windows (R) (Build 7601: Service Pack 1)


    Please help me out.
     
  2. satrow

    satrow Major Geek Extraordinaire

    Was the upgrade to W7 from a format/clean install or an in-place upgrade? An upgrade could easily have brought over earlier bugs that may well complicate any attempts to fix the current problem.

    Can you run the PC from Safe Mode with Networking? If so, check that Windows is set to save minidumps; if it already is and you have one, could you copy it to your Desktop, zip and attach it please? I'll try to check through it.
     
  3. nicknitz

    nicknitz Private E-2

    I did a clean install, but when I got that Windows Recovery virus it messed me up. I attached these 4 files that I have for the minidump. I am pretty sure both sets of two are identical. And I am sorry about how long it took for a reply... I had a family emergency and I haven't been home for a little under a week. Thank you.
     


  4. satrow

    satrow Major Geek Extraordinaire

    No worries nicknitz, real life comes first, I hope everything is well now.

    I'm having problems running a debug on the 0xa0 minidumps, so I'll just deal with the 0xc0000005's for now:
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000008E, {c0000005, 837a5487, bf68b6dc, 0}
    
    *** WARNING: Unable to verify timestamp for klif.sys
    *** ERROR: Module load completed but symbols could not be loaded for klif.sys
    Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
    
    Followup: MachineOwner
    ---------
    
    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 837a5487, The address that the exception occurred at
    Arg3: bf68b6dc, Trap Frame
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    ataport!IdePortDispatchDeviceControl+b
    837a5487 80b98600000000  cmp     byte ptr [ecx+86h],0
    
    TRAP_FRAME:  bf68b6dc -- (.trap 0xffffffffbf68b6dc)
    ErrCode = 00000000
    eax=85fdd6f8 ebx=00000000 ecx=00000000 edx=8524abc8 esi=85fdd6f8 edi=bf68b7a0
    eip=837a5487 esp=bf68b750 ebp=bf68b750 iopl=0         nv up ei ng nz na po cy
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010283
    ataport!IdePortDispatchDeviceControl+0xb:
    837a5487 80b98600000000  cmp     byte ptr [ecx+86h],0       ds:0023:00000086=??
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x8E
    
    PROCESS_NAME:  WmiPrvSE.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from 82c79047 to 837a5487
    
    STACK_TEXT:  
    bf68b750 82c79047 85fdd6f8 8524abc8 bf68b7e2 ataport!IdePortDispatchDeviceControl+0xb
    bf68b768 89284206 364f3543 bf68b844 86a5ad16 nt!IofCallDriver+0x63
    WARNING: Stack unwind information not available. Following frames may be wrong.
    bf68b7c4 89284720 bf68b844 85f17c70 855784d8 klif+0x6d206
    bf68b828 837e5bf5 bf68b844 00000005 00000008 klif+0x6d720
    bf68b85c 837e6417 85381320 00000005 3c1570b4 fltmgr!FltpDoInstanceSetupNotification+0x69
    bf68b8a8 837e67d1 85f17c40 855784d8 00000005 fltmgr!FltpInitInstance+0x25d
    bf68b918 837e68d7 85f17c40 855784d8 00000005 fltmgr!FltpCreateInstanceFromName+0x285
    bf68b984 837efcde 85f17c40 855784d8 00000005 fltmgr!FltpEnumerateRegistryInstances+0xf9
    bf68b9d4 837e47f4 855784d8 8709b590 853ebaa0 fltmgr!FltpDoFilterNotificationForNewVolume+0xe0
    bf68ba18 82c79047 852da4b0 855784d8 853ebafc fltmgr!FltpCreate+0x206
    bf68ba30 82e4de7b 8f518522 bf68bbd8 00000000 nt!IofCallDriver+0x63
    bf68bb08 82e51056 85fdd6f8 a513d618 86c7b4e8 nt!IopParseDevice+0xed7
    bf68bb84 82e8fa4a 00000000 bf68bbd8 00000040 nt!ObpLookupObjectName+0x4fa
    bf68bbe4 82e4b41c 0112e968 8513d618 82ea3c01 nt!ObOpenObjectByName+0x165
    bf68bc60 82e96462 0112e9c4 80100080 0112e968 nt!IopCreateFile+0x673
    bf68bcac 89244b44 0112e9c4 80100080 0112e968 nt!NtCreateFile+0x34
    bf68bd00 82c7f87a 0112e9c4 80100080 0112e968 klif+0x2db44
    bf68bd00 771570b4 0112e9c4 80100080 0112e968 nt!KiFastCallEntry+0x12a
    0112e9cc 00000000 00000000 00000000 00000000 0x771570b4
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    ataport!IdePortDispatchDeviceControl+b
    837a5487 80b98600000000  cmp     byte ptr [ecx+86h],0
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  ataport!IdePortDispatchDeviceControl+b
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: ataport
    
    IMAGE_NAME:  ataport.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce788e8
    
    FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
    
    BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
    
    Followup: MachineOwner
    ---------
    
    
    
    
    
    
    
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000008E, {c0000005, 83782487, bf6e06dc, 0}
    
    *** WARNING: Unable to verify timestamp for klif.sys
    *** ERROR: Module load completed but symbols could not be loaded for klif.sys
    Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
    
    Followup: MachineOwner
    ---------
    
    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 83782487, The address that the exception occurred at
    Arg3: bf6e06dc, Trap Frame
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    ataport!IdePortDispatchDeviceControl+b
    83782487 80b98600000000  cmp     byte ptr [ecx+86h],0
    
    TRAP_FRAME:  bf6e06dc -- (.trap 0xffffffffbf6e06dc)
    ErrCode = 00000000
    eax=85fe7828 ebx=00000000 ecx=00000000 edx=8535dd60 esi=85fe7828 edi=bf6e07a0
    eip=83782487 esp=bf6e0750 ebp=bf6e0750 iopl=0         nv up ei ng nz na po cy
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010283
    ataport!IdePortDispatchDeviceControl+0xb:
    83782487 80b98600000000  cmp     byte ptr [ecx+86h],0       ds:0023:00000086=??
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x8E
    
    PROCESS_NAME:  WmiPrvSE.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from 82c33047 to 83782487
    
    STACK_TEXT:  
    bf6e0750 82c33047 85fe7828 8535dd60 bf6e07e2 ataport!IdePortDispatchDeviceControl+0xb
    bf6e0768 8925e206 364b251f bf6e0844 855b9d76 nt!IofCallDriver+0x63
    WARNING: Stack unwind information not available. Following frames may be wrong.
    bf6e07c4 8925e720 bf6e0844 85f18ad0 85665608 klif+0x6d206
    bf6e0828 837c2bf5 bf6e0844 00000005 00000008 klif+0x6d720
    bf6e085c 837c3417 856e0008 00000005 3c1590b4 fltmgr!FltpDoInstanceSetupNotification+0x69
    bf6e08a8 837c37d1 85f18aa0 85665608 00000005 fltmgr!FltpInitInstance+0x25d
    bf6e0918 837c38d7 85f18aa0 85665608 00000005 fltmgr!FltpCreateInstanceFromName+0x285
    bf6e0984 837cccde 85f18aa0 85665608 00000005 fltmgr!FltpEnumerateRegistryInstances+0xf9
    bf6e09d4 837c17f4 85665608 87018438 85496038 fltmgr!FltpDoFilterNotificationForNewVolume+0xe0
    bf6e0a18 82c33047 870377c0 85665608 85496094 fltmgr!FltpCreate+0x206
    bf6e0a30 82e07e7b 8f593543 bf6e0bd8 00000000 nt!IofCallDriver+0x63
    bf6e0b08 82e0b056 85fe7828 a514e618 854e3d20 nt!IopParseDevice+0xed7
    bf6e0b84 82e49a4a 00000000 bf6e0bd8 00000040 nt!ObpLookupObjectName+0x4fa
    bf6e0be4 82e0541c 005ee888 8514e618 82e5dc01 nt!ObOpenObjectByName+0x165
    bf6e0c60 82e50462 005ee8e4 80100080 005ee888 nt!IopCreateFile+0x673
    bf6e0cac 8921eb44 005ee8e4 80100080 005ee888 nt!NtCreateFile+0x34
    bf6e0d00 82c3987a 005ee8e4 80100080 005ee888 klif+0x2db44
    bf6e0d00 779b70b4 005ee8e4 80100080 005ee888 nt!KiFastCallEntry+0x12a
    005ee8ec 00000000 00000000 00000000 00000000 0x779b70b4
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    ataport!IdePortDispatchDeviceControl+b
    83782487 80b98600000000  cmp     byte ptr [ecx+86h],0
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  ataport!IdePortDispatchDeviceControl+b
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: ataport
    
    IMAGE_NAME:  ataport.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce788e8
    
    FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
    
    BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
    
    Followup: MachineOwner
    ---------

    From what I can see, I'd guess that you have a malware infection, maybe an MBR infection too.

    Head over to the Malware forum and read through this Post carefully before you begin the steps needed to create the diagnostic logs.
     
  5. falconattack

    falconattack Command Sergeant Major

  6. satrow

    satrow Major Geek Extraordinaire

    @ falconattack: If all you could find was that page, I suspect you need to sharpen your searching skills - try looking through this Google search for clues.

    More clues are in the bugcheck analysis posted earlier: klif.sys = Kaspersky, mentioned 3 times in each Stack Trace. Ataport = all hard drive data flows through here. "fltmgr!FltpCreateInstanceFromName" is interesting too - Google again, see the Symantec page? Malware trying to infect via Autorun perhaps?

    I prefer to get a diagnosis, or at least some real clues, before suggesting a route to a fix. Pointing someone to some generic web page isn't very helpful.



    @ nicknitz: Normal service is now resumed - back to the bottom of Post #4 for you ;)
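
The reading described in post #6 (klif appearing three times in each stack, ataport at the top) can be automated. The following is an added example, not part of the original thread: it parses a shortened excerpt of the first analysis in post #4, counts frames per module, lists modules that resolved without symbols, and computes the faulting address from the trap-frame registers. The function names and the 64 KB NULL-dereference threshold are assumptions made for this illustration.

```python
import re
from collections import Counter

# Shortened excerpt of the first analysis in post #4 (several frames omitted).
SAMPLE = """\
eax=85fdd6f8 ebx=00000000 ecx=00000000 edx=8524abc8 esi=85fdd6f8 edi=bf68b7a0
837a5487 80b98600000000  cmp     byte ptr [ecx+86h],0       ds:0023:00000086=??
STACK_TEXT:
bf68b750 82c79047 85fdd6f8 8524abc8 bf68b7e2 ataport!IdePortDispatchDeviceControl+0xb
bf68b768 89284206 364f3543 bf68b844 86a5ad16 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
bf68b7c4 89284720 bf68b844 85f17c70 855784d8 klif+0x6d206
bf68b828 837e5bf5 bf68b844 00000005 00000008 klif+0x6d720
bf68b85c 837e6417 85381320 00000005 3c1570b4 fltmgr!FltpDoInstanceSetupNotification+0x69
bf68bd00 82c7f87a 0112e9c4 80100080 0112e968 klif+0x2db44
0112e9cc 00000000 00000000 00000000 00000000 0x771570b4
"""

# Five 8-digit hex columns, then module!symbol+0xoff, module+0xoff, or a raw address.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(?:(\w+)(?:!(\w+))?\+0x[0-9a-f]+|0x[0-9a-f]+)$")

def stack_frames(text):
    """Return (module, symbol, unwind_trusted) per stack frame, newest first."""
    frames, trusted = [], True
    for line in map(str.strip, text.splitlines()):
        if line.startswith("WARNING: Stack unwind"):
            trusted = False   # no symbols: frames below this point may be wrong
        elif m := FRAME.match(line):
            frames.append((m.group(1), m.group(2), trusted))
    return frames

def faulting_address(text):
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}
    m = re.search(r"\[(e[a-z]{2})\+([0-9a-f]+)h\]", text)   # e.g. [ecx+86h]
    return regs[m.group(1)] + int(m.group(2), 16) if m else None

def summarize(text):
    frames = stack_frames(text)
    addr = faulting_address(text)
    return {
        "crashing_module": frames[0][0],
        "hits": dict(Counter(mod for mod, _, _ in frames if mod)),
        "no_symbols": sorted({mod for mod, sym, _ in frames if mod and sym is None}),
        "fault_address": addr,
        # Heuristic (assumption): below 64 KB means NULL base pointer + field offset.
        "null_deref": addr is not None and addr < 0x10000,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the excerpt this reports ataport as the crashing module, a read from address 0x86 (ecx was zero), and klif as the only module in the stack without symbols.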
     
  7. falconattack

    falconattack Command Sergeant Major

    OK satrow, my mistake was to give general information about the problem!! :cool
     
  8. satrow

    satrow Major Geek Extraordinaire

    Well, the general information = historical - doesn't look like it applies here, this appears to be a recently created malware that triggers the same BSOD message ;)
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  10. nicknitz

    nicknitz Private E-2

    Thank you satrow. My computer now seems as if it is working fine. Thank you for your help, I appreciate it :)
     
