Intermittent BSOD, diag says ataport is culprit


  1. Posts : 16
    Windows 7 Home Premium 64bit spanish
       #1

    Intermittent BSOD, diag says ataport is culprit


    Recently I am getting more and more frequently BSODs which nearly always indicate
    "Probably caused by : ataport.SYS". My laptop is a SAMSUNG NP300V4A running Win 7 home premium 64 bit and uses a Seagate ST500LM012 HDD.

    I am also getting sporadic errors like "not enough timers available" when I open Samsung Support Center, an error from avast! GUI which I found also in the event log as an error:
    "AvastUI.exe - Error de aplicación : La instrucción de 0x00000000005A12CC hacía referencia a la memoria en 0x00000000005A12CC. No se pusieron los datos necesarios en la memoria debido a un estado de error de E/S de 0xc0000185."
    In English:
    "AvastUI.exe - application error: the instruction in 0x00000000005A12CC made reference to the memory in 0x00000000005A12CC. The necessary data had not been set into the memory due to an I/O error state of 0xc0000185."
    Frequently I am getting hints to I/O errors, e.g. that certain system files could not be read. When I check these files, they are there and alive and well accessible. SFC did not show any defect system files.
    An error that occurred several times (once 9x in a row, another time 20x in a row) was
    "El controlador detectó un error de controladora en \Device\Ide\IdePort0." In English:
    "The controller found a controller error in \Device\Ide\IdePort0."

    Somewhat weird wording, but anyway appears to point to an HDD controller error.

    All this made me think of a defect HDD or its controller, but all the HDD or memory tests that I made gave no problems or errors.



    I have done the following checks:
    1. Windows CHKDSK (returns no errors)
    2. Ran SFC /Scannow (no Errors)
    3. Checked the HDD controller which is updated and says it's running correctly. I did NOT uninstall and reinstall it from a download like I might have done with other controllers, because I guess that after uninstalling it my laptop would not work anymore. So how could this be done?
    4. Made an overnight Memory test (13 passes, no errors, CPU temperature shown as 75-76°C)
    5. Looked at Win event registers (shows sporadically read errors for certain system files, see above)
    6. Installed Windows Driver Kit 8.1 (WinDbg) and run the Crashdump analysis (gives :
      "BugCheck 7A, {fffff6fc40008ea8, ffffffffc0000185, 8335d860, fffff880011d593c}
      Probably caused by : ataport.SYS ( ataport!IdePortDispatchPnp+22 )"
    7. Installed Seatools for Windows (gives me a HDD failure without details and advises to run Seatools for DOS, which I did)
    8. Created a disk for Seatools for DOS (new version), which does not even see my HDD
    9. Used the older version which I had burnt some years ago ( does not recognize the disk either)
    10. Have run DISKMGMT.MSC which says everything is ok
    11. Have now created the recommended zip file which is attached to the post
    Now I don't know what to do further and need your help. I would be willing to buy a new HDD if this is the solution, but what if the problem is not the HDD but something in some faulty files or settings? Then I would transfer them to the new HDD when I restore my backup. The resolution of last resort, install everything from scratch would be very time consuming and I would like to avoid it of course. Besides that, I have no original Win7 disk, it's all in a recovery partition on this HD. So changing the disk would make things even more complicated.

    What can I do?
    Last edited by tuscanguy; 14 Jul 2014 at 12:46.
      My Computer


  2. Posts : 122
       #2

    Hello Tuscanguy,

    Sorry to hear that you're experiencing BSODs.

    Run a scan with Malwarebytes Anti-Malware - https://www.malwarebytes.org/
    Run a scan with TDSSKiller - TDSSKiller Download
    Run a scan with Malwarebytes Anti-Rootkit BETA - https://www.malwarebytes.org/antirootkit/

    Try uninstalling Avast, then run the clean-up utility avast! Uninstall Utility | Download aswClear for avast! Removal and then install it again.

    Hopefully you won't receive anymore BBODs.

    Thank you,
    VinnyBuxton
      My Computer


  3. Posts : 16
    Windows 7 Home Premium 64bit spanish
    Thread Starter
       #3

    Thank you Vinny, I will try it all.
    I did not think I have a virus because Avast had not detected any while running under Windows.
    But last night I ran a scan on start-up and Avast discovered this:
    ELF: MemproDroid-B
    ELF: Lootor AB
    ELF: Lootor AC
    ELF: Exynos-C
    They were all in a rooting software that I had downloaded to root my Samsung ACE because I ran out of system memory. Avast running in the phone does not find anything, though.
    If these are really malware and not wrongly recognised as such but in reality simply necessary parts of the rooting software, I think they are Android specific and should not be the cause of my troubles.

    I will now do as you propose and then post if it worked.
      My Computer


  4. Posts : 16
    Windows 7 Home Premium 64bit spanish
    Thread Starter
       #4

    While doing the first steps, something strange and somehow frightening happened.
    I ran Malwarebytes which found only one item, a registry entry marked as "PUM" (possibly unwanted modification) with the value saying something like
    "Proxyserver, http=127.0.0.1:8555"
    In order to understand what this meant, I googled it and landed in the malwarebytes.org forum, where directions were given from a staff member in a similar case to first run a utility named Rkill in order to stop all malicious processes. I did this and after this I discovered by chance that in my local network, where until this day there had been only my two computers, there was suddenly a third entry named www.inmet.gov.br, i.e. a website which I have never visited and which of course has nothing to do in my LAN! I was shocked and pulled the Lan cable after a few minutes. As soon as I connect it again, there it is again, no way to eliminate it.
    Any idea what to do?
      My Computer


  5. Posts : 16
    Windows 7 Home Premium 64bit spanish
    Thread Starter
       #5

    Well, after the shock I separated my "infected" laptop from the LAN, downloaded tdsskiller.exe to the other PC, then disconnected both from the web and reconnected the laptop to the LAN.

    Then ran the downloaded tdsskiller. It found 4 suspicious "forged" files, but no obvious malware. "SKIP" was preset for all and I left this setting. Pressed continue and then rebooted the system. The strange www entry in the computer list in my LAN has disappeared. but now my taskbar looked weird. It was white instead of the previous dark blue and some icons were invisible or looked strange, like in secure mode.
    I have attached the two log files that tdsskiller had written. After another reboot everything looked as usual again.

    Malwarebytes Anti-Rootkit BETA found nothing.

    Then uninstalled and reinstalled Avast.

    I will see if there are more BSODs. If so, I will post again, otherwise not.
    I still don't know whether the proxy entry which malwarebyte found in my registry is a bad thing or harmless.
    I will look for an explanation what the term "forged files" means that appeared in tdsskiller.
    And the strange www entry in my LAN list continues a big question mark to me.
    Apparently none of the programs that I have run now have changed anything, at least nothing that they reported.

    For now thank you very much for your help.
      My Computer


  6. Posts : 122
       #6

    Hello Tuscanguy,

    Sorry to hear you had all this trouble. Do you use any programs such as Hotspot Shield, which hide your IP while surfing the internet? Please could you run these programs, to double check:

    https://toolslib.net/downloads/viewd.../1-adwcleaner/
    HitmanPro 3 - SurfRight

    Adwcleaner will produce a log, please upload it to this post.

    Thank you,
    VinnyBuxton
      My Computer


  7. Posts : 16
    Windows 7 Home Premium 64bit spanish
    Thread Starter
       #7

    Vinny, thanks again. I had Hotspot Shield some time ago but have already uninstalled it. I am using (but not right now) Witopia VPN to surf certain sites.
    I will run the proposed checks asap and will report the results.
    Problem with some of these checks is, what to do with "suspicious" findings.
    Was the proxy that Malwarebytes found as a "PUM" really unwanted or was it something necessary? What is it good for? What if I eliminated it?
    How can a web site that I never visited (and which is apparently not a hackers site but an official gov site) appear in the list of my Computers in the LAN and what could be the consequences if it had not disappeared?
    Lots of questions, but for now I will concentrate on what you proposed.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:53.
Find Us