
BSOD due to ataport.sys (FRST.txt & .dmp)


  • This topic is locked
16 replies to this topic

#1 frnhalo

frnhalo

  • Members
  • 27 posts

Posted 29 May 2012 - 11:14 PM

Hey Bleeping Computer,

I have a computer that blue screens about 2 mins after logon. I have run a couple of malware scanners and didn't really find anything. I have run hardware diagnostics and nothing is wrong. I have run Bootrec /fixmbr and /fixboot and the issue persists. I have run chkdsk /f /r and it comes back clean. I have attached the FRST.txt log and the latest .dmp file. Let me know if this is saved.

P.S. - issue still occurs in safe mode.
Attached File  FRST.txt   28.02KB   18 downloads
Attached File  052912-30687-01.zip   28.03KB   5 downloads

Edited by hamluis, 30 May 2012 - 12:17 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.

______________________________________
######################################
--------------------------------------

TINSTAAFL = There is no such thing as a free lunch.

Intel Core i7-3770K | Asus P8Z77V-Deluxe | XFX Radeon HD 7770 Black Edition


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts

Posted 03 June 2012 - 08:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

We Need to Diagnose Your BlueScreen (BSOD)

1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode.

2. Select "Disable Automatic Restart on System Failure", as shown here:

Posted Image

When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

Posted Image

A file name might be listed too. Please report this in your next post.
===

#3 frnhalo


Posted 05 June 2012 - 09:35 AM

I will try it once I'm off work.

The dump file provided in the main post says:

Kernel_Mode_Exception_Not_Handled

Stop: 0x1000008e (0xc0000005, 0x82fa7487, 0x81f91754, 0x00000000)

ataport.sys - Address 0x82fa7487 base at 0x82fa1000 DateStamp 0x4ce788e8

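The STOP and module lines quoted in the post above can be decoded mechanically. The following Python is an added example, not code from any participant in this thread; the function names are illustrative, and DateStamp is assumed to be the driver's PE header timestamp (seconds since 1970-01-01 UTC).

```python
import re
from datetime import datetime, timezone

# The two lines quoted in the post above.
STOP_LINE = "Stop: 0x1000008e (0xc0000005, 0x82fa7487, 0x81f91754, 0x00000000)"
MODULE_LINE = "ataport.sys - Address 0x82fa7487 base at 0x82fa1000 DateStamp 0x4ce788e8"

# Minimal lookup tables with well-known values; extend as needed.
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
HEX = r"(0x[0-9a-fA-F]+)"

def parse_stop(line):
    """Split a STOP line into the bug check code and its four parameters."""
    m = re.search(r"Stop:\s*" + HEX + r"\s*\(([^)]*)\)", line, re.I)
    if not m:
        raise ValueError("not a STOP line: %r" % line)
    code = int(m.group(1), 16)
    params = [int(p, 16) for p in m.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("expected 4 parameters, got %d" % len(params))
    base_code = code & 0x0FFFFFFF  # 0x1000008E has the same meaning as 0x8E
    return {
        "code": base_code,
        "name": BUGCHECKS.get(base_code, "unknown"),
        # For 0x8E: parameter 1 = exception code, parameter 2 = faulting address.
        "exception": NTSTATUS.get(params[0], hex(params[0])),
        "fault_address": params[1],
    }

def parse_module(line):
    """Extract module name, offset of the address inside it, and build time."""
    m = re.match(r"(\S+) - Address " + HEX + " base at " + HEX
                 + " DateStamp " + HEX, line)
    if not m:
        raise ValueError("not a module line: %r" % line)
    addr, base, stamp = (int(g, 16) for g in m.groups()[1:])
    if addr < base:
        raise ValueError("address lies below the module base")
    return {"module": m.group(1), "address": addr, "offset": addr - base,
            "built": datetime.fromtimestamp(stamp, tz=timezone.utc)}

def triage(stop_line, module_line):
    """Merge both lines and check that the fault is the address in the module."""
    stop, mod = parse_stop(stop_line), parse_module(module_line)
    return {**stop, **mod, "address_matches": stop["fault_address"] == mod["address"]}

if __name__ == "__main__":
    for key, value in triage(STOP_LINE, MODULE_LINE).items():
        print(key, "=", hex(value) if type(value) is int else value)
```

The module offset and build timestamp are the values to compare against a known-good copy of the same driver version.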
#4 nasdaq


Posted 05 June 2012 - 10:17 AM

Let's see if we can find a good copy of the file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    ataport.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#5 frnhalo


Posted 05 June 2012 - 10:46 PM

Here is the systemlook log.

Attached File  SystemLook.txt   1.76KB   5 downloads

#6 nasdaq


Posted 06 June 2012 - 08:10 AM

We need more information.

Please zip up the last 6 minidumps and attach to your reply:
  • Navigate to C:\Windows\Minidump <<< folder
  • Click on the most recent minidump file.
  • Hold down the <Ctrl> key, and click on the 5 next-most recent minidump files to also select them.
  • Release the <Ctrl> key.
  • Now, right-click on one of the selected files > Send to ... > Compressed (zipped) Folder.
    The zip file will be located in the same place (the Minidump folder).
  • Attach the zip file to your next reply.
    When you click on Add Reply, you will see the facility to attach a file just below the box where you type your message.


#7 frnhalo


Posted 11 June 2012 - 04:08 PM

I will go ahead and do so as soon as I get home from work.

#8 frnhalo


Posted 12 June 2012 - 11:29 PM

Here are a few more minidumps for you.

Attached File  Minidump.zip   191.03KB   3 downloads

Let me know what's the next step.

#9 nasdaq


Posted 13 June 2012 - 10:45 AM

Before we go any further, let's try this.

If you can boot the computer to safe mode with Internet connection, download this tool and run it in safe mode. Post the log.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#10 nasdaq


Posted 13 June 2012 - 01:33 PM

Continued from my previous post today.

I have an expert looking at your .dmp files. His reply suggests you have a problem with Microsoft Security Essentials.

From your logs.

*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys


How to manually uninstall Microsoft Security Essentials 1.0.1963 if you cannot uninstall it by using the Add or Remove Programs item
http://support.microsoft.com/kb/2435760

If the Fix it button on the page does not solve the issues remove it using the Let me fix it myself instructions on the page.
===

He suggests also for you to visit the DELL website and locate the downloads page for their particular model laptop ...

* (All I have is "SystemProductName = MM061", which seems likely to be an Inspiron 6400, and getting long in the tooth.)

Your bios is out of date.
BiosVersion = A08
BiosReleaseDate = 07/28/2006


===

You should also run this tool and update any outdated drivers that will be identified.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs that are insecure and need updates.
If interested in security I would download the tool and run it.
<<<>>>

#11 nasdaq


Posted 19 June 2012 - 10:27 AM

Are you still with me?

#12 frnhalo


Posted 20 June 2012 - 12:20 AM

Yeah, sorry about that, been caught up in some other mess...

#13 frnhalo


Posted 20 June 2012 - 12:23 AM

The computer doesn't stay up long enough for ComboFix to run properly. I'm currently running it in safe mode to see if that will do. I have uninstalled MSE. I will post up the log as soon as I get it.

Edited by frnhalo, 20 June 2012 - 12:24 AM.


#14 frnhalo


Posted 20 June 2012 - 01:25 AM

Here are the ComboFix log and the security check log.

Attached File  checkup.txt   807bytes   2 downloads

Attached File  ComboFix.txt   9.74KB   4 downloads

#15 nasdaq


Posted 20 June 2012 - 07:21 AM

Looking good.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29


===

What problem persists?