 | |
| |
| 28 Apr 2011 | #1 |
| | ataport.sys BSOD Hey all, I'm consistently getting a BSOD centered around ataport.sys. It happens consistently if I try to access certain items from the control panel, such as Windows Update, but also will happen usually within 10 minutes of logging on without any seeming cause. Here are my system details: Dell Studio 1555 Laptop Windows 7 Professional x86 Originally had OEM Vista Home, but I upgraded to 7 using a Dell upgrade disk Computer is 1.75 years old; Windows 7 is about 1.25 years old. I'm attaching the dump files (I can't use the exe I'm supposed to to gather them - go figure it causes the BSOD, so I'm just attaching the minidump files), so if that's all you need go ahead, but here's a little backstory if it helps: It started when I was browsing the Internet, and I got one of those viruses that pretends to be an anti-malware program. I didn't download any dangerous exe's to my knowledge, so I think it went through a security hole in the browser. Anyway - I used Windows Security Essentials and Malwarebytes to get rid of it, but as I was cleaning up, my system BSOD'd. I don't have the original minidump because I did a system restore, but it may have been a different error. When I turned it on next, it wanted to install updates (even though it hadn't shut down properly). It hung at 0%, so I shut it down and started in safe mode. On that startup it told me updates didn't install properly and it was undoing the update. After that I fiddled around until I got it to do a system restore (to a few days earlier). The system boots now (a fair bit slower than it should), and I've got the BSOD problem described earlier. It runs no problem in safe mode, and my other partition with Ubuntu runs fine too. I've checked the memory with no errors. I did a chkdsk once and it didn't find anything, though when I ran it again later it "corrected" a bunch of problem - I didn't see any noticeable different though. Any help would be really appreciated. I'm happy to clarify if you have any questions! |
My System Specs | |
| 28 Apr 2011 | #2 |
| | Hi there, Seems like MpFilter.sys i.e. Microsoft Security Essentials has caused the system to crash. Follow this article How to manually uninstall Microsoft Security Essentials if you cannot uninstall it by using the Add or Remove Programs item and remove it completely. If you can't stay in Normal mode for long time go to Safe Mode disable it from start up How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7 Code: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: c0000005, The exception code that was not handled Arg2: 83a88487, The address that the exception occurred at Arg3: ae13175c, Trap Frame Arg4: 00000000 Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s". FAULTING_IP: ataport!IdePortDispatchDeviceControl+b 83a88487 80b98600000000 cmp byte ptr [ecx+86h],0 TRAP_FRAME: ae13175c -- (.trap 0xffffffffae13175c) ErrCode = 00000000 eax=86efc9b0 ebx=00000000 ecx=00000000 edx=8a8bfbc8 esi=86efc9b0 edi=8307e3e1 eip=83a88487 esp=ae1317d0 ebp=ae1317d0 iopl=0 nv up ei ng nz na po cy cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010283 ataport!IdePortDispatchDeviceControl+0xb: 83a88487 80b98600000000 cmp byte ptr [ecx+86h],0 ds:0023:00000086=?? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x8E PROCESS_NAME: WmiPrvSE.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 8307e4ac to 83a88487 STACK_TEXT: ae1317d0 8307e4ac 86efc9b0 8a8bfbc8 addbc438 ataport!IdePortDispatchDeviceControl+0xb ae1317e8 8bd67bf1 8bd6b290 ba834660 86040000 nt!IofCallDriver+0x63 WARNING: Stack unwind information not available. Following frames may be wrong. ae131818 8bd74d73 ae1318e8 25c5a7fc 00000000 MpFilter+0xbf1 ae1318ac 8bd754d6 85dbe4c0 ae1318e8 00000000 MpFilter+0xdd73 ae1318c4 83ada19a 85dbe4c0 001318e8 ae131900 MpFilter+0xe4d6 ae131930 83adf9ec 85f4dad0 85dbe460 2dbe61ed fltmgr!FltpPerformPreMountCallbacks+0x1d0 ae131998 83adfc5b 89ecb6e0 8755d318 8755d318 fltmgr!FltpFsControlMountVolume+0x116 ae1319c8 8307e4ac 89ecb6e0 8755d318 83178d80 fltmgr!FltpFsControl+0x5b ae1319e0 831fa02b 8300e870 86efc9b0 8300e900 nt!IofCallDriver+0x63 ae131a44 830de514 86efc9b0 85f57d01 00000000 nt!IopMountVolume+0x1d8 ae131a7c 832823ef 85f57d20 ae131ba8 ae131b40 nt!IopCheckVpbMounted+0x64 ae131b60 8326357b 86efc9b0 a5dcb838 85f57a38 nt!IopParseDevice+0x7c9 ae131bdc 83289729 00000000 ae131c30 00000040 nt!ObpLookupObjectName+0x4fa ae131c38 83281a7b 0118e5bc 85dcb838 00000001 nt!ObOpenObjectByName+0x165 ae131cb4 8328d392 0118e618 80100080 0118e5bc nt!IopCreateFile+0x673 ae131d00 8308543a 0118e618 80100080 0118e5bc nt!NtCreateFile+0x34 ae131d00 77016344 0118e618 80100080 0118e5bc nt!KiFastCallEntry+0x12a 0118e620 00000000 00000000 00000000 00000000 0x77016344 STACK_COMMAND: kb FOLLOWUP_IP: ataport!IdePortDispatchDeviceControl+b 83a88487 80b98600000000 cmp byte ptr [ecx+86h],0 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: ataport!IdePortDispatchDeviceControl+b FOLLOWUP_NAME: MachineOwner MODULE_NAME: ataport IMAGE_NAME: ataport.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbf16 FAILURE_BUCKET_ID: 0x8E_ataport!IdePortDispatchDeviceControl+b BUCKET_ID: 0x8E_ataport!IdePortDispatchDeviceControl+b Followup: MachineOwner --------- |
| My System Specs |
| 28 Apr 2011 | #3 |
| | Edit: hold off on reading this for a bit - I got it working again but there are still problems.... Thanks so much for your reply, cap'n! That did fix the problem, at least somewhat - but there's still a problem. The BSODs went away, but the system was still pretty unstable (random problems, Windows couldn't update, maybe still a virus) - so I tried to do a repair install (using the upgrade feature of the install disk). I left for a bit during the install and when I came back there was another BSOD. This time it's the volsnap.sys driver. Now it bluescreens every time I boot, safemode or no. I've tried system restore and the recovery tools, but they don't change anything. I know it looks grim, but any suggestions? I've attached all the minidumps from today, but I couldn't figure out which were the most recent - those are the ones you want to look at, though. Thanks so much again! |
| My System Specs |
| . |
| |
| 28 Apr 2011 | #4 |
| | Your MSSE isn't the problem. It is the rootkit that is infected your system and is causing your AV to crash. Run this rootkit scan and report back the results How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)? You can also reinstall MSSE ...Summary of the dumps: Code: Built by: 7600.16695.x86fre.win7_gdr.101026-1503 Debug session time: Thu Apr 28 13:32:04.496 2011 (UTC - 4:00) System Uptime: 0 days 0:03:33.119 *** WARNING: Unable to verify timestamp for MpFilter.sys *** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b ) DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x8E PROCESS_NAME: WmiPrvSE.exe FAILURE_BUCKET_ID: 0x8E_ataport!IdePortDispatchDeviceControl+b BiosReleaseDate = 11/07/2009 SystemManufacturer = Dell Inc. SystemProductName = Studio 1555 MaxSpeed: 2400 CurrentSpeed: 2394 จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ`` Built by: 7600.16695.x86fre.win7_gdr.101026-1503 Debug session time: Thu Apr 28 12:15:51.236 2011 (UTC - 4:00) System Uptime: 0 days 0:03:50.859 *** WARNING: Unable to verify timestamp for MpFilter.sys *** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b ) DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x8E PROCESS_NAME: WmiPrvSE.exe FAILURE_BUCKET_ID: 0x8E_ataport!IdePortDispatchDeviceControl+b BiosReleaseDate = 11/07/2009 SystemManufacturer = Dell Inc. SystemProductName = Studio 1555 MaxSpeed: 2400 CurrentSpeed: 2394 จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ`` Built by: 7600.16695.x86fre.win7_gdr.101026-1503 Debug session time: Thu Apr 28 11:32:28.736 2011 (UTC - 4:00) System Uptime: 0 days 0:03:49.360 *** WARNING: Unable to verify timestamp for MpFilter.sys *** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b ) DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x8E PROCESS_NAME: WmiPrvSE.exe FAILURE_BUCKET_ID: 0x8E_ataport!IdePortDispatchDeviceControl+b BiosReleaseDate = 11/07/2009 SystemManufacturer = Dell Inc. SystemProductName = Studio 1555 MaxSpeed: 2400 CurrentSpeed: 2394 จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ`` Built by: 7600.16695.x86fre.win7_gdr.101026-1503 Debug session time: Thu Apr 28 11:11:28.832 2011 (UTC - 4:00) System Uptime: 0 days 0:03:48.455 *** WARNING: Unable to verify timestamp for MpFilter.sys *** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b ) DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x8E PROCESS_NAME: WmiPrvSE.exe FAILURE_BUCKET_ID: 0x8E_ataport!IdePortDispatchDeviceControl+b BiosReleaseDate = 11/07/2009 SystemManufacturer = Dell Inc. SystemProductName = Studio 1555 MaxSpeed: 2400 CurrentSpeed: 2394 จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ`` Built by: 7600.16695.x86fre.win7_gdr.101026-1503 Debug session time: Thu Apr 28 10:41:40.282 2011 (UTC - 4:00) System Uptime: 0 days 0:03:55.905 *** WARNING: Unable to verify timestamp for MpFilter.sys *** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b ) DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x8E PROCESS_NAME: WmiPrvSE.exe FAILURE_BUCKET_ID: 0x8E_ataport!IdePortDispatchDeviceControl+b BiosReleaseDate = 11/07/2009 SystemManufacturer = Dell Inc. SystemProductName = Studio 1555 MaxSpeed: 2400 CurrentSpeed: 2394 จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ`` Built by: 7600.16695.x86fre.win7_gdr.101026-1503 Debug session time: Thu Apr 28 00:10:45.805 2011 (UTC - 4:00) System Uptime: 0 days 0:03:10.428 *** WARNING: Unable to verify timestamp for MpFilter.sys *** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b ) DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x8E PROCESS_NAME: WmiPrvSE.exe FAILURE_BUCKET_ID: 0x8E_ataport!IdePortDispatchDeviceControl+b BiosReleaseDate = 11/07/2009 SystemManufacturer = Dell Inc. SystemProductName = Studio 1555 MaxSpeed: 2400 CurrentSpeed: 2394 จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ`` Built by: 7600.16695.x86fre.win7_gdr.101026-1503 Debug session time: Thu Apr 28 00:01:31.615 2011 (UTC - 4:00) System Uptime: 0 days 0:04:01.238 *** WARNING: Unable to verify timestamp for MpFilter.sys *** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b ) DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x8E PROCESS_NAME: WmiPrvSE.exe FAILURE_BUCKET_ID: 0x8E_ataport!IdePortDispatchDeviceControl+b BiosReleaseDate = 11/07/2009 SystemManufacturer = Dell Inc. SystemProductName = Studio 1555 MaxSpeed: 2400 CurrentSpeed: 2394 จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ`` Built by: 7600.16695.x86fre.win7_gdr.101026-1503 Debug session time: Wed Apr 27 23:21:53.262 2011 (UTC - 4:00) System Uptime: 0 days 0:07:34.885 *** WARNING: Unable to verify timestamp for MpFilter.sys *** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b ) DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x8E PROCESS_NAME: WmiPrvSE.exe FAILURE_BUCKET_ID: 0x8E_ataport!IdePortDispatchDeviceControl+b BiosReleaseDate = 11/07/2009 SystemManufacturer = Dell Inc. SystemProductName = Studio 1555 MaxSpeed: 2400 CurrentSpeed: 2394 จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ`` |
| My System Specs |
| 28 Apr 2011 | #5 |
| | Thanks for the reply! I tried running the tdsskiller program. It loads to 80% and then windows says it's "stopped working.' I tried in regular and safe mode with two different users. I tried it on another computer (no infection) and it works fine, so there's something on my comp not letting it run. Any ideas? Edit: I figured out I can run it in silent mode from the command line - I'm exploring options from there. |
| My System Specs |
| 28 Apr 2011 | #6 |
| | 
Quote: Originally Posted by thomaswp  Thanks for the reply! I tried running the tdsskiller program. It loads to 80% and then windows says it's "stopped working.' I tried in regular and safe mode with two different users. I tried it on another computer (no infection) and it works fine, so there's something on my comp not letting it run. Any ideas? |
| My System Specs |
| 28 Apr 2011 | #7 |
| | I tried renaming it - same result. Also from the command line it does run, but it gets no farther. |
| My System Specs |
| 28 Apr 2011 | #8 |
| | If you have the means necessary to do this, I would download and burn the Hiren boot cd. It includes many virus scans that you can run before loading windows. Download Hiren EDIT: Try this program http://www.sophos.com/en-us/products...i-rootkit.aspx |
| My System Specs |
| 28 Apr 2011 | #9 |
| | Ok, so I got tdss to work from the command line using the recovery tools's cmd (at boot). It says it found the TDSS rootkit, but it didn't say that it did anything. What command line arguments should I give it for it to remove the rootkit? |
| My System Specs |
| 28 Apr 2011 | #10 |
| |
Quote: Originally Posted by thomaswp Ok, so I got tdss to work from the command line using the recovery tools's cmd (at boot). It says it found the TDSS rootkit, but it didn't say that it did anything. What command line arguments should I give it for it to remove the rootkit? Command line parameters to run the utility TDSSKiller.exe -l <file_name> - write log to a file. -qpath <folder_name> - quarantine folder path (it will be created if does not exist). -h - list of command line arguments. The following arguments make the actions apply without prompting the user: -qall - copy all objects to quarantine (even non-infected); -qsus - copy to quarantine suspicious objects only; -qmbr - copy to quarantine all MBR; -qcsvc <service_name> - copy this service to quarantine; -dcsvc <service_name> - remove this service. E.g. use the following command to scan the PC with a detailed log written into the file report.txt (created in the TDSSKiller.exe utility folder): TDSSKiller.exe -l report.txt For example, if you want to scan the PC with a detailed log saved into the file report.txt (it will be created in the folder with TDSSKiller.exe), use the following command: TDSSKiller.exe -l report.txt |
| My System Specs |
 |
ataport.sys BSOD problems?
| Thread Tools | |
| Similar help and support threads for: ataport.sys BSOD | ||||
| Thread | Forum | |||
| BSOD ataport.sys | BSOD Help and Support | |||
| ataport.sys BSOD | BSOD Help and Support | |||
| BSOD - ataport.sys | BSOD Help and Support | |||
| BSOD ATAPort.sys | BSOD Help and Support | |||
| bsod ataport.sys? | BSOD Help and Support | |||
All times are GMT -5. The time now is 04:28 PM.
