BSOD Crash When Inspecting Memory

[Bryan61]

I'm usually pretty good bout protecting myself, but....I let my self get infected with smumi.club. I have attempted to follow all instructions to the letter for removal. The one part I had to skip was when I used the trial of Malwarebytes when it started to scan the memory I got a brief BSOD and then a reboot. Since I wasn't watching closely at the time, I had to repeat it to verify. the next time I let it skip the memory test and all "seemed" to go well (of course it didn't).

In trying variations, running MWB in Safe Mode w/Networking the memory test completes normally, but file scan results in a BSOD and a reboot.

I am attaching 2 zip files with each with 2 zip files you requested. The one labeled "with" is a fresh boot (normal mode) with the false instance of Chrome running (as I understand that is the malware), The one labeled "without" is a fresh boot; only having used Task Manager to kill the false instance of Chrome.

System summary:

HP DV7 Laptop

Model DV7-4153CL

Processor    AMD Turion(tm) II P540 Dual-Core Processor, 2400 Mhz, 2 Core(s), 2 Logical Processor(s)

BIOS Version/Date    Hewlett-Packard F.28, 4/11/2011 (Up to date)

OS Name    Microsoft Windows 7 Home Premium 64-bit

Version    6.1.7601 Service Pack 1 Build 7601

Only that is not OEM is the HDD....The original went out and I replaced it with an SSD.

I hope I have provided you with the info you need. If not, let me know.

with.zip

without.zip

Edited August 2, 2017 by Bryan61
typos

[1PW]

Hello @Bryan61 and

Unfortunately, something may have been lost in translation upon examination of the above attachments.  It is realized that the following instructions can be bewildering at first.  Take your time.

Please very carefully re-read the Locked/Pinned topic near the top of this subforum: Blue Screen of Death (BSOD) Posting Instructions - Windows 10, 8.1, 8, 7 & Vista.

Then please attach the 2 requested zipped files and the 13 answers for the requested computer/system information.

Additionally, if a minidump file was written to the system's "%SystemRoot%/Minidump" directory, please .zip the latest .dmp file that corresponds to a related BSoD, and also attach it before an aggressive cleanup utility deletes the directory and/or its contents.  If good notes from the system's display were taken when the BSoD occurred, all the exact hexadecimal values can be quite helpful for troubleshooting analysts.

If you require additional help, please do not hesitate to ask.  Thank you.

[Bryan61]

No notes were able to be taken from from the BSOD as there is some setting some where (presumably in the BIOS) that makes it automatically reboot faster than anything can even be read.

· OS -  Windows 7
· x64
· Windows 7
· full retail version
· Age of system - 10 years?
· Age of OS installation 5? 6? years - have you re-installed the OS - Yes when I replaced the HDD with an SSD

· CPU AMD Turion(tm) II P540 Dual-Core Processor, 2400 Mhz
· Video Card AMD M880G with ATI Mobility Radeon HD 4250

· MotherBoard - laptop
· Power Supply - laptop

· System Manufacturer HP
· Exact model number DV7-4153CL

· Laptop

Perfmon.zip

SysnativeFileCollectionApp.zip

mini.dmp.zip

[usasma]

 

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

FYI - I have seen a number of systems that have BSOD problems and have both MalwareBytes and ZAM installed.
I understand that they aren't supposed to be incompatible, but I can't help but wonder (at this time).
I suggest uninstalling the ZAM to see if that helps with the MBAM problem.  Leave the ZAM off until the problem is fixed - just in case.
I also wonder about the compatibility of the Immunet program, as  it's drivers are also showing in the memory dumps.  Please uninstall it also.

The BSOD errors that you are seeing ( STOP 0x7A ) can be either hardware or software.
As such, please start with these free hardware diagnostics:  http://www.carrona.org/hwdiag.html
Please note that at least one of the memory dumps blames a disk hardware error - so a hard drive problem is the most likely problem here.

If the hardware diagnostics don't find anything, then please run Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html

Finally, have a look at the list of drivers below.  Many of them are very old - and I have to wonder if there are updates for them that might address problems that are similar to those that you are currently facing.  Please look for updates for all of the older one's (prior to 29 July 2015) and see if you can update them.

 

 

Edited August 2, 2017 by usasma

[usasma]

Analysis:
The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:
**************************Tue Aug  1 19:02:52.490 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\080117-19110-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: 7601.23807.amd64fre.win7sp1_ldr.170512-0600
System Uptime:0 days 3:09:41.020
Probably caused by :ataport.SYS ( ataport!DllUnload+249c )
BugCheck 7A, {fffff6fc40007138, ffffffffc0000185, 8a91c860, fffff88000e2793c}
BugCheck Info: KERNEL_DATA_INPAGE_ERROR (7a)
Arguments:
Arg1: fffff6fc40007138, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc0000185, error status (normally i/o status code)
Arg3: 000000008a91c860, current process (virtual address for lock type 3, or PTE)
Arg4: fffff88000e2793c, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
DISK_HARDWARE_ERROR: There was error with disk hardware
BUGCHECK_STR:  0x7a_c0000185
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_0x7a_c0000185_ataport!DllUnload+249c
  BIOS Version                  F.28
  BIOS Release Date             04/11/2011
  Manufacturer                  Hewlett-Packard
  Product Name                  HP Pavilion dv7 Notebook PC
  Baseboard Product             1442
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Aug  1 14:38:54.819 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\080117-14461-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: 7601.23807.amd64fre.win7sp1_ldr.170512-0600
System Uptime:0 days 2:28:21.349
Probably caused by :ataport.SYS ( ataport!DllUnload+249c )
BugCheck 7A, {fffff6fc40006f78, ffffffffc0000185, 27dda860, fffff88000def93c}
BugCheck Info: KERNEL_DATA_INPAGE_ERROR (7a)
Arguments:
Arg1: fffff6fc40006f78, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc0000185, error status (normally i/o status code)
Arg3: 0000000027dda860, current process (virtual address for lock type 3, or PTE)
Arg4: fffff88000def93c, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
DISK_HARDWARE_ERROR: There was error with disk hardware
BUGCHECK_STR:  0x7a_c0000185
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_0x7a_c0000185_ataport!DllUnload+249c
  BIOS Version                  F.28
  BIOS Release Date             04/11/2011
  Manufacturer                  Hewlett-Packard
  Product Name                  HP Pavilion dv7 Notebook PC
  Baseboard Product             1442
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Jul 31 15:22:21.528 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\073117-18673-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: 7601.23807.amd64fre.win7sp1_ldr.170512-0600
System Uptime:0 days 0:27:42.058
Probably caused by :ataport.SYS ( ataport!DllUnload+249c )
BugCheck 7A, {fffff6fc400060f0, ffffffffc0000185, bd61f860, fffff88000c1e93c}
BugCheck Info: KERNEL_DATA_INPAGE_ERROR (7a)
Arguments:
Arg1: fffff6fc400060f0, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc0000185, error status (normally i/o status code)
Arg3: 00000000bd61f860, current process (virtual address for lock type 3, or PTE)
Arg4: fffff88000c1e93c, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
DISK_HARDWARE_ERROR: There was error with disk hardware
BUGCHECK_STR:  0x7a_c0000185
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_0x7a_c0000185_ataport!DllUnload+249c
  BIOS Version                  F.28
  BIOS Release Date             04/11/2011
  Manufacturer                  Hewlett-Packard
  Product Name                  HP Pavilion dv7 Notebook PC
  Baseboard Product             1442
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
The rest of the memory dump summaries are hidden in the Spoiler tag below.  Click on "Show" to reveal them.

**************************Mon Jul 31 14:54:22.157 2017 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\073117-24523-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: 7601.23807.amd64fre.win7sp1_ldr.170512-0600
System Uptime:6 days 20:13:20.716
Probably caused by :ataport.SYS ( ataport!DllUnload+249c )
BugCheck 7A, {fffff6fc400070f0, ffffffffc0000185, 1ea99860, fffff88000e1e93c}
BugCheck Info: KERNEL_DATA_INPAGE_ERROR (7a)
Arguments:
Arg1: fffff6fc400070f0, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc0000185, error status (normally i/o status code)
Arg3: 000000001ea99860, current process (virtual address for lock type 3, or PTE)
Arg4: fffff88000e1e93c, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
DISK_HARDWARE_ERROR: There was error with disk hardware
BUGCHECK_STR:  0x7a_c0000185
PROCESS_NAME:  System
FAILURE_BUCKET_ID: X64_0x7a_c0000185_ataport!DllUnload+249c
  BIOS Version                  F.28
  BIOS Release Date             04/11/2011
  Manufacturer                  Hewlett-Packard
  Product Name                  HP Pavilion dv7 Notebook PC
  Baseboard Product             1442
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

3rd Party Drivers:
The following is for information purposes only.
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:
**************************Tue Aug  1 19:02:52.490 2017 (UTC - 4:00)**************************
BthAvrcp.sys                Thu Aug 13 04:38:23 2009 (4A83D0FF)
AtiPcie.sys                 Mon Aug 24 04:25:26 2009 (4A924E76)
bthav.sys                   Mon Dec 21 05:42:58 2009 (4B2F5132)
BthAudioHF.sys              Mon Dec 21 05:43:35 2009 (4B2F5157)
usbfilter.sys               Tue Dec 22 03:26:22 2009 (4B3082AE)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
stwrt64.sys                 Thu Jul 22 03:25:34 2010 (4C47F26E)
atikmpag.sys                Sun Sep 19 21:21:01 2010 (4C96B6FD)
atikmdag.sys                Sun Sep 19 21:47:42 2010 (4C96BD3E)
hpdskflt.sys                Fri May 13 14:47:02 2011 (4DCD7CA6)
Accelerometer.sys           Fri May 13 14:47:02 2011 (4DCD7CA6)
Rt64win7.sys                Fri Jun 10 02:33:15 2011 (4DF1BAAB)
BazisVirtualCDBus.sys       Mon Aug  8 14:11:12 2011 (4E4026C0)
SynTP.sys                   Thu Oct 13 22:34:52 2011 (4E979FCC)
SplitCamAudio.sys           Tue Mar 27 10:01:15 2012 (4F71C82B)
athrx.sys                   Thu Jun 14 04:23:09 2012 (4FD99F6D)
lvrs64.sys                  Fri Sep 21 15:02:17 2012 (505CB9B9)
lvuvc64.sys                 Fri Sep 21 15:03:12 2012 (505CB9F0)
ElbyCDIO.sys                Mon Mar  4 04:21:51 2013 (513467AF)
VClone.sys                  Sun Mar 10 20:49:12 2013 (513D2A08)
networx.sys                 Thu Nov  5 14:52:09 2015 (563BB369)
splitcam_hd_driver.sys      Mon Feb  8 01:41:33 2016 (56B8389D)
AtihdW76.sys                Wed Mar 30 01:00:37 2016 (56FB5D75)
mbae64.sys                  Fri Apr 29 06:10:09 2016 (57233301)
immunetselfprotect.sys      Tue Jun  7 17:55:17 2016 (575742C5)
immunetprotect.sys          Tue Jun  7 17:55:29 2016 (575742D1)
ImmunetNetworkMonitor.sys   Tue Jul 19 17:48:22 2016 (578EA026)
zam64.sys                   Wed Aug 17 13:06:53 2016 (57B499AD)
zamguard64.sys              Wed Aug 17 13:06:53 2016 (57B499AD)
farflt.sys                  Fri Mar 24 11:34:26 2017 (58D53C82)
MBAMSwissArmy.sys           Thu May 18 14:34:35 2017 (591DE93B)
mbam.sys                    Fri May 19 12:02:10 2017 (591F1702)
mwac.sys                    Thu May 25 15:13:56 2017 (59272CF4)
MBAMChameleon.sys           Fri May 26 16:53:01 2017 (592895AD)

BthAvrcp.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=AtiPcie.sys
http://www.carrona.org/drivers/driver.php?id=bthav.sys
BthAudioHF.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=usbfilter.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=stwrt64.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=hpdskflt.sys
http://www.carrona.org/drivers/driver.php?id=Accelerometer.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=BazisVirtualCDBus.sys
http://www.carrona.org/drivers/driver.php?id=SynTP.sys
SplitCamAudio.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=athrx.sys
http://www.carrona.org/drivers/driver.php?id=lvrs64.sys
http://www.carrona.org/drivers/driver.php?id=lvuvc64.sys
http://www.carrona.org/drivers/driver.php?id=ElbyCDIO.sys
http://www.carrona.org/drivers/driver.php?id=VClone.sys
http://www.carrona.org/drivers/driver.php?id=networx.sys
splitcam_hd_driver.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=AtihdW76.sys
http://www.carrona.org/drivers/driver.php?id=mbae64.sys
immunetselfprotect.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
immunetprotect.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
ImmunetNetworkMonitor.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=zam64.sys
http://www.carrona.org/drivers/driver.php?id=zamguard64.sys
http://www.carrona.org/drivers/driver.php?id=farflt.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=mwac.sys
http://www.carrona.org/drivers/driver.php?id=MBAMChameleon.sys

 

[Bryan61]

Windows updates had been manually checked just a day or two before this began.

I had been following instructions from bleepingcomputer on removing smumi.club and they didn't mention unistalling ZAM before running MBAM. Uninstalling ZAM solved my problem with MBAM..

As far as smumi.club, after signing out of Chrome, exiting and restarting Chrome, and then signing back in, I seem to have eliminated it.(fingers crossed)

Thanks for your assistance.