BSODs when scanning with MBAM and at random

Hey,

I have been having some BSODs again and was hoping i could get some help with it. I can't finish a full scan with MBAM, as i Get a BSOD in the process. That isn't the main problem, I have been getting BSODs aswell when I am not scanning, i would like to fix this. I have uploaded the files from the SF Diagnostic Tool in the attachment.

My system specs:
Windows 7 home premium 64-bit, ati radeon hd 5770, 8 gb drr3, AMD Athlon II x4 640 @3,0 ghz processor

Thanks in advance,
Robert

Code:

BugCheck 3B, {c0000005, fffff80003384d37, fffff880063b4c90, 0}

Probably caused by : memory_corruption ( nt!MiIdentifyPfn+317 )

Code:

fffff880063b4c90 -- (.cxr 0xfffff880063b4c90)
rax=0000000000000001 rbx=0200000000191e29 rcx=ff00fa800b1e5580
rdx=0000000000185aa0 rsi=0000000000000000 rdi=fffffa800c918408
rip=fffff80003384d37 rsp=fffff880063b5670 rbp=fffffa800b1b4d80
 r8=0000000000192a49  r9=0000000000000001 r10=0000000000000042
r11=0000058000000000 r12=0000000000000000 r13=0000000000000000
r14=fffffa800b1b4d00 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
nt!MiIdentifyPfn+0x317:
fffff800`03384d37 488b4118        mov     rax,qword ptr [rcx+18h] ds:002b:ff00fa80`0b1e5598=????????????????

Code:

1: kd> lmvm atikmpag
start             end                 module name
fffff880`03e36000 fffff880`03ed4000   atikmpag T (no symbols)           
    Loaded symbol image file: atikmpag.sys
    Image path: \SystemRoot\system32\DRIVERS\atikmpag.sys
    Image name: atikmpag.sys
    Timestamp:        Thu Sep 05 07:33:34 2013 (522825BE)
    CheckSum:         0009FE87
    ImageSize:        0009E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

You appear to be using the Beta drivers for your AMD graphics card, please roll back to the latest WHQL version from here - AMD Graphics Drivers & Software

WHQL
Release Date: April 24th 2013
Version: 13.4
In Device Manager: 12.104

I did that, still had 3 in the meantime. Attached these.

As thing on top of the message it says "System service exception" mostly.

Code:

0: kd> !thread
GetPointerFromAddress: unable to read from fffff800034af000
THREAD fffffa800d300b50  Cid 0b1c.0f0c  Teb: 000007fffffa4000 Win32Thread: 0000000000000000 RUNNING on processor 0
IRP List:
    Unable to read nt!_IRP @ fffffa800aaacae0
Not impersonating
GetUlongFromAddress: unable to read from fffff800033eeba4
Owning Process            fffffa800a8c3a70       Image:         NisSrv.exe
Attached Process          N/A            Image:         N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount      149444       
Context Switch Count      139            IdealProcessor: 0             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address 0x000000007708fbf0
Stack Init fffff88003e75db0 Current fffff88003e75aa0
Base fffff88003e76000 Limit fffff88003e70000 Call 0
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

It does seem to be a driver issue, we can see this with a pending IRP in the crashed thread.

Code:

BugCheck 19, {22, fffffa800c604000, 0, 0}

GetPointerFromAddress: unable to read from fffff800034b7100
GetUlongFromAddress: unable to read from fffff800034b71c0
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+72e6 )

Code:

3: kd> !poolval fffffa800c604000
Pool page fffffa800c604000 region is Nonpaged pool

Validating Pool headers for pool page: fffffa800c604000

Pool page [ fffffa800c604000 ] is __inVALID.

Analyzing linked list...


Scanning for single bit errors...

None found

Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:

• Driver Verifier - Enable and Disable

   Information

Additional Help - Using Driver Verifier to identify issues with Drivers

Pleass select the Individual Settings option, and then enable all the settings, apart from the Low Resources Simulation.

So here is something interesting, I didn't have any BSODs when using verifier. As soon as I just turned off verifier, I gain 3 BSODs...

Well I had 2 BSODs in 3 days with verifier, but that seems a lot less that 3 in less than an hour without the verifier running.

I didn't get the dmp files of the 2 BSODs with verifier(my system doesn't make dmp files while using verifier, very hard to explain. I get the beginning of an BSOD, sometimes the actual blue screen, sometimes the crash screen before the blue screen, but it freezes at that point. So it doesn't make a dmp file and just freezes like that until i manually restart the computer.), but I attached the last 3 files.

Code:

2: kd> lmvm atikmdag

start             end                 module name
fffff880`07252000 fffff880`07dc5000   atikmdag T (no symbols)           
    Loaded symbol image file: atikmdag.sys
    Image path: \SystemRoot\system32\DRIVERS\atikmdag.sys
    Image name: atikmdag.sys
    Timestamp:        Fri Mar 29 02:27:04 2013 (5154FBF8)
    CheckSum:         00B25604
    ImageSize:        00B73000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Your graphics card driver still seems to be problematic, and AMD have released a new WHQL driver:

WHQL
Release Date: September 18th 2013
Version: 13.9
In Device Manager: 13.152