Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible infection - BSOD - atapi.sys


  • This topic is locked This topic is locked
2 replies to this topic

#1 Jo C

Jo C

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 23 January 2011 - 05:17 PM

For the last week my laptop has been having Blue Screen crashes. At the top of the blue screen it says Kernel Data Inpage Error and then below it says atapi.sys Address F749350C base a F7486000, Date Stamp 4802539d.
I then Googled atapi.sys to see what could be causing these BSODs. Nothing out of the ordinary has come up on my AVG scans. I don't know what I have that is causing this and I don't dare want to delete something vital. I force the shutdown before the Blue Screen takes action and begins dump of physical memory. I did a system restore back to January 9, as a software update was done on January 13 and I didn't know if the update was a problem. However after the laptop restarted, I got another BSOD. Twice I have gotten the screen that asked how I want to start up - the first time I chose Safe Mode (it didn't start all the way but instead I got another Blue Screen) and the second time I chose Normal and it started up all the way.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 16:19:20.25 on Sun 01/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.403 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264111191687
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-1 136176]
S2 SigService;Sigmatel Service;c:\program files\sigmatel\c-major audio\controlpanel\sigservice.exe [2010-1-21 81920]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-1-21 23456]
S3 WPC54GSv1;Linksys Wireless Notebook Adapter WPC54GSv1 Driver;c:\windows\system32\drivers\WPC54GSv1.SYS [2006-12-1 610816]

=============== Created Last 30 ================

2011-01-23 20:31:06 -------- d-sha-r- C:\cmdcons
2011-01-23 20:27:36 98816 ----a-w- c:\windows\sed.exe
2011-01-23 20:27:36 89088 ----a-w- c:\windows\MBR.exe
2011-01-23 20:27:36 256512 ----a-w- c:\windows\PEV.exe
2011-01-23 20:27:36 161792 ----a-w- c:\windows\SWREG.exe
2011-01-23 18:30:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-23 18:30:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-22 20:49:21 -------- d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2011-01-22 21:12:51 90112 ----a-w- c:\windows\DUMP44c4.tmp
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 16:24:37.23 ===============

Attached Files


Edited by Jo C, 23 January 2011 - 05:29 PM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:52 PM

Posted 27 January 2011 - 11:22 PM

Hello Jo C ,

Posted Image

Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:52 PM

Posted 12 February 2011 - 03:10 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users