ataport.sys BSOD

Page 1 of 3 123 LastLast

  1. thomaswp
    Posts : 13
    Windows 7 Professional 32 Bit
       New #1

    ataport.sys BSOD


    Hey all,

    I'm consistently getting a BSOD centered around ataport.sys. It happens consistently if I try to access certain items from the control panel, such as Windows Update, but also will happen usually within 10 minutes of logging on without any seeming cause.

    Here are my system details:

    Dell Studio 1555 Laptop
    Windows 7 Professional x86
    Originally had OEM Vista Home, but I upgraded to 7 using a Dell upgrade disk
    Computer is 1.75 years old; Windows 7 is about 1.25 years old.

    I'm attaching the dump files (I can't use the exe I'm supposed to to gather them - go figure it causes the BSOD, so I'm just attaching the minidump files), so if that's all you need go ahead, but here's a little backstory if it helps:

    It started when I was browsing the Internet, and I got one of those viruses that pretends to be an anti-malware program. I didn't download any dangerous exe's to my knowledge, so I think it went through a security hole in the browser. Anyway - I used Windows Security Essentials and Malwarebytes to get rid of it, but as I was cleaning up, my system BSOD'd. I don't have the original minidump because I did a system restore, but it may have been a different error. When I turned it on next, it wanted to install updates (even though it hadn't shut down properly). It hung at 0%, so I shut it down and started in safe mode. On that startup it told me updates didn't install properly and it was undoing the update. After that I fiddled around until I got it to do a system restore (to a few days earlier). The system boots now (a fair bit slower than it should), and I've got the BSOD problem described earlier. It runs no problem in safe mode, and my other partition with Ubuntu runs fine too. I've checked the memory with no errors. I did a chkdsk once and it didn't find anything, though when I ran it again later it "corrected" a bunch of problem - I didn't see any noticeable different though.

    Any help would be really appreciated. I'm happy to clarify if you have any questions!
      My Computer
    Quote Quote

  3. Capt.Jack Sparrow
    Posts : 4,772
    Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
       New #2

    Hi there,

    Seems like MpFilter.sys i.e. Microsoft Security Essentials has caused the system to crash. Follow this article How to manually uninstall Microsoft Security Essentials if you cannot uninstall it by using the Add or Remove Programs item and remove it completely. If you can't stay in Normal mode for long time go to Safe Mode disable it from start up How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

    Code:
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 83a88487, The address that the exception occurred at
Arg3: ae13175c, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP: 
ataport!IdePortDispatchDeviceControl+b
83a88487 80b98600000000  cmp     byte ptr [ecx+86h],0

TRAP_FRAME:  ae13175c -- (.trap 0xffffffffae13175c)
ErrCode = 00000000
eax=86efc9b0 ebx=00000000 ecx=00000000 edx=8a8bfbc8 esi=86efc9b0 edi=8307e3e1
eip=83a88487 esp=ae1317d0 ebp=ae1317d0 iopl=0         nv up ei ng nz na po cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010283
ataport!IdePortDispatchDeviceControl+0xb:
83a88487 80b98600000000  cmp     byte ptr [ecx+86h],0       ds:0023:00000086=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  WmiPrvSE.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 8307e4ac to 83a88487

STACK_TEXT:  
ae1317d0 8307e4ac 86efc9b0 8a8bfbc8 addbc438 ataport!IdePortDispatchDeviceControl+0xb
ae1317e8 8bd67bf1 8bd6b290 ba834660 86040000 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
ae131818 8bd74d73 ae1318e8 25c5a7fc 00000000 MpFilter+0xbf1
ae1318ac 8bd754d6 85dbe4c0 ae1318e8 00000000 MpFilter+0xdd73
ae1318c4 83ada19a 85dbe4c0 001318e8 ae131900 MpFilter+0xe4d6
ae131930 83adf9ec 85f4dad0 85dbe460 2dbe61ed fltmgr!FltpPerformPreMountCallbacks+0x1d0
ae131998 83adfc5b 89ecb6e0 8755d318 8755d318 fltmgr!FltpFsControlMountVolume+0x116
ae1319c8 8307e4ac 89ecb6e0 8755d318 83178d80 fltmgr!FltpFsControl+0x5b
ae1319e0 831fa02b 8300e870 86efc9b0 8300e900 nt!IofCallDriver+0x63
ae131a44 830de514 86efc9b0 85f57d01 00000000 nt!IopMountVolume+0x1d8
ae131a7c 832823ef 85f57d20 ae131ba8 ae131b40 nt!IopCheckVpbMounted+0x64
ae131b60 8326357b 86efc9b0 a5dcb838 85f57a38 nt!IopParseDevice+0x7c9
ae131bdc 83289729 00000000 ae131c30 00000040 nt!ObpLookupObjectName+0x4fa
ae131c38 83281a7b 0118e5bc 85dcb838 00000001 nt!ObOpenObjectByName+0x165
ae131cb4 8328d392 0118e618 80100080 0118e5bc nt!IopCreateFile+0x673
ae131d00 8308543a 0118e618 80100080 0118e5bc nt!NtCreateFile+0x34
ae131d00 77016344 0118e618 80100080 0118e5bc nt!KiFastCallEntry+0x12a
0118e620 00000000 00000000 00000000 00000000 0x77016344


STACK_COMMAND:  kb

FOLLOWUP_IP: 
ataport!IdePortDispatchDeviceControl+b
83a88487 80b98600000000  cmp     byte ptr [ecx+86h],0

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  ataport!IdePortDispatchDeviceControl+b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ataport

IMAGE_NAME:  ataport.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bbf16

FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b

BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b

Followup: MachineOwner
---------
      My Computer
    Quote Quote

  4. thomaswp
    Posts : 13
    Windows 7 Professional 32 Bit
    Thread Starter
       New #3

    Edit: hold off on reading this for a bit - I got it working again but there are still problems....

    Thanks so much for your reply, cap'n! That did fix the problem, at least somewhat - but there's still a problem. The BSODs went away, but the system was still pretty unstable (random problems, Windows couldn't update, maybe still a virus) - so I tried to do a repair install (using the upgrade feature of the install disk). I left for a bit during the install and when I came back there was another BSOD. This time it's the volsnap.sys driver. Now it bluescreens every time I boot, safemode or no. I've tried system restore and the recovery tools, but they don't change anything. I know it looks grim, but any suggestions?

    I've attached all the minidumps from today, but I couldn't figure out which were the most recent - those are the ones you want to look at, though.

    Thanks so much again!
      My Computer
    Quote Quote

  6. mgorman87
    Posts : 1,782
    Windows 7 Home Premium 64bit
       New #4

    Your MSSE isn't the problem. It is the rootkit that is infected your system and is causing your AV to crash. Run this rootkit scan and report back the results

    How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

    You can also reinstall MSSE

    ...Summary of the dumps:
    Code:
    
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Thu Apr 28 13:32:04.496 2011 (UTC - 4:00)
System Uptime: 0 days 0:03:33.119
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
BiosReleaseDate = 11/07/2009
SystemManufacturer = Dell Inc.
SystemProductName = Studio 1555
MaxSpeed:     2400
CurrentSpeed: 2394
จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ``
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Thu Apr 28 12:15:51.236 2011 (UTC - 4:00)
System Uptime: 0 days 0:03:50.859
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
BiosReleaseDate = 11/07/2009
SystemManufacturer = Dell Inc.
SystemProductName = Studio 1555
MaxSpeed:     2400
CurrentSpeed: 2394
จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ``
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Thu Apr 28 11:32:28.736 2011 (UTC - 4:00)
System Uptime: 0 days 0:03:49.360
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
BiosReleaseDate = 11/07/2009
SystemManufacturer = Dell Inc.
SystemProductName = Studio 1555
MaxSpeed:     2400
CurrentSpeed: 2394
จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ``
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Thu Apr 28 11:11:28.832 2011 (UTC - 4:00)
System Uptime: 0 days 0:03:48.455
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
BiosReleaseDate = 11/07/2009
SystemManufacturer = Dell Inc.
SystemProductName = Studio 1555
MaxSpeed:     2400
CurrentSpeed: 2394
จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ``
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Thu Apr 28 10:41:40.282 2011 (UTC - 4:00)
System Uptime: 0 days 0:03:55.905
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
BiosReleaseDate = 11/07/2009
SystemManufacturer = Dell Inc.
SystemProductName = Studio 1555
MaxSpeed:     2400
CurrentSpeed: 2394
จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ``
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Thu Apr 28 00:10:45.805 2011 (UTC - 4:00)
System Uptime: 0 days 0:03:10.428
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
BiosReleaseDate = 11/07/2009
SystemManufacturer = Dell Inc.
SystemProductName = Studio 1555
MaxSpeed:     2400
CurrentSpeed: 2394
จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ``
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Thu Apr 28 00:01:31.615 2011 (UTC - 4:00)
System Uptime: 0 days 0:04:01.238
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
BiosReleaseDate = 11/07/2009
SystemManufacturer = Dell Inc.
SystemProductName = Studio 1555
MaxSpeed:     2400
CurrentSpeed: 2394
จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ``
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Wed Apr 27 23:21:53.262 2011 (UTC - 4:00)
System Uptime: 0 days 0:07:34.885
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b
BiosReleaseDate = 11/07/2009
SystemManufacturer = Dell Inc.
SystemProductName = Studio 1555
MaxSpeed:     2400
CurrentSpeed: 2394
จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ``
      My Computer
    Quote Quote

  7. thomaswp
    Posts : 13
    Windows 7 Professional 32 Bit
    Thread Starter
       New #5

    Thanks for the reply! I tried running the tdsskiller program. It loads to 80% and then windows says it's "stopped working.' I tried in regular and safe mode with two different users. I tried it on another computer (no infection) and it works fine, so there's something on my comp not letting it run. Any ideas?

    Edit: I figured out I can run it in silent mode from the command line - I'm exploring options from there.
      My Computer
    Quote Quote

  8. mgorman87
    Posts : 1,782
    Windows 7 Home Premium 64bit
       New #6

    thomaswp said:
    Thanks for the reply! I tried running the tdsskiller program. It loads to 80% and then windows says it's "stopped working.' I tried in regular and safe mode with two different users. I tried it on another computer (no infection) and it works fine, so there's something on my comp not letting it run. Any ideas?
    try renaming the file to abc123.exe and run it again
      My Computer
    Quote Quote

  10. thomaswp
    Posts : 13
    Windows 7 Professional 32 Bit
    Thread Starter
       New #7

    I tried renaming it - same result. Also from the command line it does run, but it gets no farther.
      My Computer
    Quote Quote

  11. mgorman87
    Posts : 1,782
    Windows 7 Home Premium 64bit
       New #8

    If you have the means necessary to do this, I would download and burn the Hiren boot cd. It includes many virus scans that you can run before loading windows.

    Download Hiren

    EDIT: Try this program http://www.sophos.com/en-us/products...i-rootkit.aspx
      My Computer
    Quote Quote

  12. thomaswp
    Posts : 13
    Windows 7 Professional 32 Bit
    Thread Starter
       New #9

    Ok, so I got tdss to work from the command line using the recovery tools's cmd (at boot). It says it found the TDSS rootkit, but it didn't say that it did anything. What command line arguments should I give it for it to remove the rootkit?
      My Computer
    Quote Quote

  13. mgorman87
    Posts : 1,782
    Windows 7 Home Premium 64bit
       New #10

    thomaswp said:
    Ok, so I got tdss to work from the command line using the recovery tools's cmd (at boot). It says it found the TDSS rootkit, but it didn't say that it did anything. What command line arguments should I give it for it to remove the rootkit?
    EDIT: It might have cleaned it. Try rebooting into Windows and running the scan again from there.

    Command line parameters to run the utility TDSSKiller.exe
    -l <file_name> - write log to a file.
    -qpath <folder_name> - quarantine folder path (it will be created if does not exist).
    -h - list of command line arguments.

    The following arguments make the actions apply without prompting the user:

    -qall - copy all objects to quarantine (even non-infected);
    -qsus - copy to quarantine suspicious objects only;
    -qmbr - copy to quarantine all MBR;
    -qcsvc <service_name> - copy this service to quarantine;
    -dcsvc <service_name> - remove this service.

    E.g. use the following command to scan the PC with a detailed log written into the file report.txt (created in the TDSSKiller.exe utility folder):

    TDSSKiller.exe -l report.txt
    For example, if you want to scan the PC with a detailed log saved into the file report.txt (it will be created in the folder with TDSSKiller.exe), use the following command:

    TDSSKiller.exe -l report.txt
      My Computer
    Quote Quote

 
Page 1 of 3 123 LastLast

  Related Discussions
Frequent BSOD ataport.sys
in BSOD Help and Support

Hello, I have had this HP G61 laptop since Jan 2010, and it came with Windows 7 64bit installed. I have had fairly frequent (several times a day) and apparently random BSODs for the last month or so. I have had four different error messages - most often IRQL_NOT_LESS_OR_EQUAL or...
BSOD ataport.sys
in BSOD Help and Support

Im running an HP Pavilion dv6000 laptop, 3 GB RAM New WD Blue Scorpion 160gb HD Windows 7 Ultimate 32 bit Installed Windows 7 1 month ago. I consider myself pretty savvy when it comes to computers, but this has me stumped?? usually 2-3 minutes after login, the computer will blue screen. I...
ataport.sys BSOD
in BSOD Help and Support

ok so i was playing battlestar galactica online when MSC detected virus after virus after virus the virus's being obfuscator or something along those lines cycbot.B and another one starting with Ponm along those lines. (after MSC deleted them they came up again and again) i couldn't catch...
BSOD - ataport.sys
in BSOD Help and Support

Hi, my computer restarts any time in a day with error message like BSOD - ataport.sys. i follow many solution from many forums but no luck. i did memory scan and chkdsk and scanfc. Following is my system details....
BSOD ATAPort.sys
in BSOD Help and Support

Ok, so I know i'm using vista and this is a win 7 forum... but i am desperate you are guys are the only active people i can find regarding tech help in this matter so please humour me. I have followed the instructions on the forum asking for information, and attached the files requested. Also I...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 ฉ Designer Media Ltd
All times are GMT -5. The time now is 13:17.
Find Us